Nearly 7,000 Sony Interactive Employees Have Had Their Personal Information Stolen

A little over a week after Ransomed.vc was reported to have breached Sony Interactive Entertainment’s systems, the company has officially confirmed it. Sony’s initial response was that they were investigating the claims. Now, they have sent notifications to 6,800 current and former employees confirming a breach that was the result of a “zero-day vulnerability in the MOVEit Transfer platform”.

According to Bleeping Computer, this vulnerability results in remote code execution, which is used in large-scale attacks against organizations worldwide. This is achieved using Clop ransomware. The company is providing those individuals with free credit monitoring and identity restoration services.

The breach occurred at the end of May and Sony Group was added to Clop ransomware’s list of victims in June.

This is in addition to the Ransomed.vc attack where the hackers then issued a statement saying that they would sell the data and that if someone was interested in buying it, they had until September 28 to do so. That’s about three days after we first reported on the issue.

The next day, Sony issued a statement saying they were looking into it. Sony has not confirmed the breach but has said they are still investigating and believe operations weren't impacted.