Sony Interactive Entertainment (SIE) has confirmed a data breach exposed nearly 7,000 employees’ personal info
A third-party IT vendor, Progress Software, provided the MOVEit file transfer platform employed by SIE, which became the vulnerable point in this breach. On May 31, Progress identified a vulnerability in its software. However, the damage was done three days earlier when unauthorized individuals exploited this weakness, accessing the personal details of 6,791 SIE employees, both past and present, predominantly based in the United States.
The PlayStation Data Breach
Sony has emphasized that this breach was restricted to the MOVEit platform, ensuring that their other systems remained uncompromised.
Once alerted to the unauthorized access on June 2, 2023, Sony immediately disabled the platform and addressed the vulnerability. Per VideoGamesChronicle, In a communication to former employees impacted by this breach, Sony detailed that they instigated a comprehensive investigation, employing external cybersecurity specialists and informing the relevant law enforcement agencies. The focus was to discern the exact nature and scope of the accessed information. Despite the urgency, Sony took its time to ensure accuracy in its findings and communications.
One name associated with this breach is the ransomware group CL0P, who declared in June (tweet posted above) that they had acquired Sony employee details. Just last month, I covered another ransomware group boasting about breaking into the Sony Group, even hinting at offloading a chunk of data they allegedly swiped from Sony. Naturally, Sony stated they would look into these claims. Nothing has come from that one... yet. In response, Sony launched an investigation to assess the validity of these claims.
To alleviate concerns, Sony stated that they are offering free credit monitoring and identity restoration services to the impacted individuals and has advised them to remain vigilant for potential identity theft or fraudulent activities.
As most already know, Sony's history with data breaches dates back to 2011 when the PlayStation Network was compromised, affecting approximately 77 million accounts. This breach had taken the service offline for nearly a month. The financial implications then were significant, costing Sony over $100 million. The incident led to not just consumer distress but also impacted developers whose product launches were affected or online services became inaccessible.
While Sony has supposedly been vigilant since the 2011 incident, this recent breach underscores the persistent challenges organizations face in ensuring data security, especially in an era of increasing cyber threats.
~Smash
Comentarios