As reported by Bleeping Computer, Sony Interactive Entertainment sent a notification to around 6,800 former and current employees informing them that a cybersecurity breach had exposed their personal information. It is believed that the breach occurred on May 28 when an “unauthorized party exploited a zero-day vulnerability in the MOVEit Transfer platform.”
Sony is not the only organization affected by the MOVEit vulnerability, and the list of victims includes US government agencies and the BBC. The cyber-attack was executed by Clop, which is a Russian-speaking ransomware cyber gang. It has been responsible for several cyber-attacks on major companies, including CNN and British Airways.
Sony’s battles with cyber-attacks
In Sony’s notification to its employees, it notes that the breach was discovered on June 2, and it immediately took action. An investigation was launched with the help of cybersecurity experts and law enforcement was informed. The company also claims it has increased its monitoring of its systems and is taking further steps to prevent such attacks from occurring again.
According to Sony, the cyber-attack did not affect any of its other systems. It also appears that no customer data has been affected, though this isn’t the only problem Sony has to worry about. It also suffered a data breach on a single server in Japan.
In a statement to Bleeping Computer, the company stated that “there is currently no indication that customer or business partner data was stored on the affected server or that any other Sony systems were affected.” Last month, a ransomware group claimed to have compromised Sony’s systems. Sony claimed to be investigating the issue, and it is not clear yet whether it is related to the Japan data breach.
Now would be a good time to remind you that you can activate two-step verification on PlayStation to give your account an additional layer of protection.