Sony has confirmed a data breach due to a MOVEit vulnerability, which has impacted 6791 of its current and former employees or their family members.
Sony Interactive Entertainment LLC (“SIE”) has confirmed that it was the victim of a data breach due to MOVEit vulnerability. The data breach affected thousands of United States-based current and former employees or their family members.
In a data breach notification filed with the Office of the Maine Attorney General, Sony said that the attackers were able to gain unauthorized access to MOVEit servers and steal data that was being transferred through the tool.
The data breach occurred from May 28th to May 30th, 2023, and the stolen data included “names and other personal identifiers combined with Social Security Numbers (SSNs).”
Sony said that it has taken steps to mitigate the impact of the breach. The company is also offering credit monitoring and identity theft protection services to affected customers. In a notice to victims, Sony further explained the scope of the data breach stating:
“On June 2, 2023, SIE discovered the unauthorized downloads, immediately took the platform offline and remediated the vulnerability. An investigation was then launched with assistance from external cybersecurity experts. We also notified law enforcement.“
“Once SIE identified the downloaded files, we began a process to determine what types of personal information were affected and to whom it relates. While we worked quickly, this was a time-consuming process, and we wanted to provide you with accurate information.“
Sony Interactive Entertainment LLC (“SIE”)
This is the latest in a series of data breaches that have affected Sony in recent years. In 2014, Sony was hacked by North Korea, and the attackers stole a massive amount of data, including unreleased movies and TV shows.
MOVEit vulnerability – A Major Cybersecurity Treat
The MOVEit vulnerability is a serious threat to businesses that use the tool to transfer files. The impact of the vulnerability is significant. According to a report published in September this year, MOVEit vulnerability has affected over 900 schools in the United States, resulting in data breaches involving sensitive student information.
It’s important to highlight that the MOVEit vulnerability was extensively exploited by the notorious Cl0p ransomware gang. In July 2023, the group took the unusual step of publishing data stolen through this vulnerability on its clearnet website, instead of confining it to the dark web. Sony was among the victim companies listed on their website.
If you are a impacted by Sony data breach, you should be aware of the possibility that your data may have been compromised. You should monitor your accounts for any suspicious activity and change your passwords immediately. You should also contact Sony customer support for more information.
Nevertheless, businesses that use MOVEit should immediately patch their servers to fix the vulnerability. Businesses should also review their file transfer security policies to make sure that they are protecting their data from unauthorized access.