Sony Interactive Entertainment (SIE) warned approximately 6,800 current and former employees that their personal information had been breached. This is according to a letter seen by the Bleeping Computer server. The company did not disclose what data was stolen by the hackers, but said the source of the breach was a file transfer app called MOVEit. Hackers reportedly gained access to personal information about US employees.
The May 28th attack was claimed by a group called CL0P, but MOVEit’s vendor, Progress Software, informed Sony that the attack did not occur until May 31st. “On June 2, 2023, we discovered that an unauthorized download had occurred and immediately took the platform down,” Sony said in a letter to employees. “An investigation was then launched with the help of external cyber security experts. We have also informed the law enforcement authorities.”
This is the second attack on Sony operations in the past two weeks. In the second case hackers gained access to servers in Japan, which were used for internal testing for the entertainment, technology and services division, and stole a total of 3.14 GB of data. Groups named Ransomed.vc and MajorNelson claimed responsibility for the attack. Sony said it was investigating the attack, adding that there had been no negative impact on the company’s operations.