Sony Interactive Entertainment (SIE) is reaching out to current and ex-employees or their family members regarding a cyber breach that may have exposed their personal information, according to a report by Bleeping Computer.
About 6,800 individuals received the message from Sony. According to the company, the intruders “exploited a zero-day vulnerability in MOVEit Transfer platform”. SIE employees make use of the MOVEit platform which was developed by Progress Software, a third-party IT vendor.
According to Bleeping Computer, “The zero-day is CVE-2023-34362, a critical-security SQL injection flaw that leads to remote code execution, leveraged by the Clop ransomware in large-scale attacks that compromised several organizations across the globe”.
ALSO READ: Ex-Bungie HR Manager Sues Studio As Waves Of Legal Fireworks Sweep Through Video Game Industry
On May 31, Progress Software announced it had uncovered a vulnerability in MOVEit. However, it was already too late at that time because three days earlier, an “unauthorized actor” had exploited the vulnerability to download SIE files and accessed the personal information of 6,791 present and former employees at Sony Interactive Entertainment.
In June this year, Clop ransomware group added Sony Group to a growing list of companies they planned to target. However, Sony did not reply to the threat at that time. Sony only recently spoke up and said the incident was restricted to MOVEit and did not impact any other systems in the company.
In September 2023, another ransomware group, Ransomed.vc claimed they had a cache of data stolen from Sony and threatened to sell it “due to Sony not wanting to pay”. Sony responded days later that it was investigating the situation.
“We are currently investigating the situation, and we have no further comment at this time,” Sony told IGN when they reached out for comment.
Sony Interactive Entertainment has taken action to mitigate the impact of the breach
It is believed that sensitive information of over 6,700 people in the U.S. was compromised. Progress Software has meticulously sorted out the exposed details and listed them in the letter sent out to the affected individuals. Personal details were redacted in the sample notification letter submitted to the Office of the Maine Attorney General.
ALSO READ: 2 Ways To Play PS5 In Tesla Exposed
“We are writing to you as we believe you are a former employee of Sony Interactive Entertainment (SIE) or are a family member of a current or former employee of SIE,” read the letter sent to the affected current and ex-employees. “We want to provide you with information about a cybersecurity event related to one of our IT vendors, Progress Software, that involved some of your personal information.”
Further down the letter, Sony revealed that it would provide free credit monitoring and identity restoration services. Also, the company asked those affected to keep their eyes peeled for any signs of fraud or identity theft.
“It is always a good idea to remain vigilant against threats of identity theft or fraud and to review and monitor your account statements and credit history for any signs of unauthorized transactions or activity regularly,” Sony mentioned in the letter.
ALSO READ: 10 Female Video Game Characters Loved For Their Beauty, Brawn, And Bravery
To further support victims of the breach, Sony revealed that it has opened a dedicated call center to answer questions relating to the breach. Those who need further clarification were invited to call the call center at 1-855-457-8896 from Monday to Friday between 9:00 a.m. and 6:00 p.m. ET.
In 2011 Sony’s PlayStation Network suffered a massive breach leading to the compromise of personal details in 77 million accounts. Subsequently, the service was shut down for 23 days. According to Sony, the hack cost the company about $100 million since launch dates were disrupted.
Remember to share and bookmark this website to stay up to date on all the hottest news in the gaming industry.
