Sony Interactive Entertainment Confirms security breaches on its servers that exposed employee data. The company has reached out to 6,800 current and former employees to alert them that hackers may have accessed their data.
Sony Interactive Entertainment Confirms Security Breaches on its Servers
Sony is actively notifying certain current and former Sony Interactive Entertainment (SIE) employees about a security incident that occurred in May, resulting in the compromise of their personal information. Approximately 6,800 individuals have received these notifications, according to a report by Bleeping Computer. Sony has also confirmed another security breach that took place in September.
In June, a ransomware group called Cl0p took credit for infiltrating a Sony server. The breach exploited a vulnerability in the file-sending platform MOVEit Transfer, which Sony Interactive Entertainment (SIE) had been utilizing. It’s worth noting that MOVEit cyberattacks have impacted several organizations, with Sony being one of them.
Sony Acknowledges Another Breach in September
Sony has initiated the process of notifying certain current and former employees of Sony Interactive Entertainment (SIE) about a security breach that transpired in May. As reported by Bleeping Computer, approximately 6,800 individuals received these notifications. Additionally, Sony has acknowledged another breach that took place in September.
The breach in June was attributed to a ransomware group called Cl0p, which claimed responsibility for infiltrating a Sony server. This breach exploited a vulnerability within the MOVEit Transfer platform used by SIE for file-sharing. Notably, MOVEit cyberattacks have impacted multiple organizations, with Sony being one of the affected parties.
According to Sony’s letter to the affected individuals, Progress Software, the developer of MOVEit Transfer, informed its clients, including Sony, about a platform vulnerability on May 31st. Subsequently, SIE identified that a breach had occurred on May 28th, during which hackers accessed and downloaded data from the server.
This server contained personally identifiable information of employees based in the United States. Sony is taking measures to offer credit monitoring services to those individuals affected by the breach and has confirmed that the vulnerability has been addressed and resolved.
In the previous month, Sony initiated an investigation into a second breach wherein hackers obtained 3.14GB of data. Sony has confirmed that this particular server, situated in Japan, serves the purpose of internal testing for its Entertainment, Technology, and Services business, as conveyed in a statement to Bleeping Computer. Sony is actively investigating this incident and has temporarily deactivated the server.
The responsible hackers proceeded to release files from this breach, which included data from the SonarQube platform, certificates, a license generator, Creators’ Cloud, and more. Sony has clarified that this recent incident did not have any adverse impact on the company’s operations.
Frequently Asked Questions
Is Sony Taking Measures to Prevent Future Security Breaches?
Yes, Sony is conducting investigations into the breaches and has taken steps to enhance security. They also mentioned that they have fixed the vulnerabilities.
Were There Any Adverse Impacts on Sony’s Operations Due to These Security Breaches?
Sony stated that the September breach had “no adverse impact on Sony’s operations.”
What Actions did Sony Take to Address These Breaches?
Sony notified the affected individuals and offered credit monitoring services. They also addressed the vulnerabilities that led to the breaches.