Sony Interactive Entertainment (SIE) has confirmed that hackers stole data from approximately 6,800 employees through a breach involving the MOVEit file transfer application. Unauthorized access enabled the hackers to download sensitive employee information.
The breach, attributed to the CL0P ransomware group, was reported on May 28. MOVEit’s vendor, Progress Software, alerted Sony to the vulnerability on May 31. Sony promptly responded by shutting down the application and addressing the security flaw.
In response to the breach, Sony has initiated an investigation with cybersecurity experts and informed law enforcement. Affected US employees are being offered credit monitoring services. This incident occurred just a week after another attack on Sony’s servers in Japan, where hackers accessed internal test systems for Sony’s entertainment and technology divisions, stealing over 3GB of data.
Although the Ransomed.vc group initially claimed responsibility for the Japan attack, another group named MajorNelson disputed this, providing stolen file samples as evidence. Sony confirmed their investigation into the matter, stating that operations were unaffected.
Sony has a history of significant breaches, including the 2011 PlayStation Network breach and the 2014 Sony Pictures breach, which led to the leak of company information and unreleased films. The recent back-to-back attacks highlight Sony’s continued vulnerability, prompting the company to take swift action by disabling affected systems and involving law enforcement.