As reported by BleepingComputer, the PlayStation maker has been contacting those affected and letting them know what happened.
According to Sony, the breach involved the MOVEit file transfer platform used by SIE employees, which is developed by third-party IT vendor Progress Software.
Progress announced on May 31 that it had discovered a vulnerability in MOVEit, but three days before this, an “unauthorised actor” had already used the vulnerability to download SIE files, accessing personal information for 6,791 current and former SIE employees based in the United States.
Sony claims the incident was limited to this particular software platform and had no impact on its other systems.
CL0P #ransomware group added Sony Group (https://t.co/gWitcpMi4s), a Japanese multinational conglomerate corporation to their victim list. #Japan @SonyGroupGlobal#clop #darkweb #databreach #cyberrisk https://t.co/K61asq3o3E pic.twitter.com/JOnfhSdaPF— FalconFeedsio (@FalconFeedsio) June 22, 2023
“On June 2, 2023, SIE discovered the unauthorised downloads, immediately took the platform offline and remediated the vulnerability,” Sony says in a letter sent to the former employees whose data was accessed.
“An investigation was then launched with assistance from external cybersecurity experts. We also notified law enforcement.
“Once SIE identified the downloaded files, we began a process to determine what types of personal information were affected and to whom it relates. While we worked quickly, this was a time-consuming process, and we wanted to provide you accurate information.”
Sony is providing those affected with free credit monitoring and identity restoration services and asking them to keep an eye out for signs of identity theft or fraud.
The data was reportedly accessed by CL0P, a ransomware group that announced in late June that it had accessed Sony employee information.
Last month, a separate ransomware group claimed to have successfully breached Sony Group and was threatening to sell a cache of data stolen from the Japanese company. Sony said it was investigating the situation.
A Sony spokesperson said at the time: “Sony has been investigating recent public claims of a security incident at Sony. We are working with third-party forensics experts and have identified activity on a single server located in Japan used for internal testing for the Entertainment, Technology and Services (ET&S) business.
“Sony has taken this server offline while the investigation is ongoing. There is currently no indication that customer or business partner data was stored on the affected server or that any other Sony systems were affected. There has been no adverse impact on Sony’s operations.”
In 2011, Sony’s PlayStation Network suffered a massive breach that resulted in the personal details of approximately 77 million accounts being compromised and the service being taken offline for 23 days.
Sony initially estimated the hack would cost it more than $100m, and it was forced to apologise not only to players, but developers whose game launches were disrupted or whose online services were left unavailable.
Related Forum: PlayStation Forum