Over 6,000 individuals hit in Sony data breach: reports

Breach stems from exposed vulnerability with IT vendor

Over 6,000 individuals hit in Sony data breach: reports

About 6,800 individuals connected to Sony Interactive Entertainment (SIE) had their personal information compromised after a data breach early this year hit one of the organisation's IT vendors.

A total of 6,791 individuals were affected, including current and former employees, as well as their family members, according to the notification letter by Sony.

The letter informed the affected individuals of the compromised personal information, which the Office of the Maine Attorney General censored when it published the notification last week.

Sony said it was not aware if the compromised personal information has been published or misused elsewhere, as per the letter.

Events of the breach

According to Sony, the cybersecurity event was related to one of its IT vendors, Progress Software, and its MOVEit Transfer platform.

Progress Software said on May 31, 2023, that it found vulnerability in the said platform, which is used by Sony and thousands of other enterprises worldwide.

Prior to the announcement, however, an authorised actor used this vulnerability on May 28 to download Sony's files that were stored in the MOVEit platform.

Sony discovered the unauthorised downloads on June 2, and immediately took the platform offline and remediated the vulnerability.

"An investigation was then launched with assistance from external cybersecurity experts. We also notified law enforcement," Sony said in the letter.

"In addition to immediately remediating the vulnerability, SIE has increased the monitoring of its systems and is taking other steps to reduce the risk of this type of cyber event occurring in the future."

The Verge reported that ransomware group known as Cl0p took responsibility for this data breach.

Sony's post-breach actions

According to Sony, they launched a "time-consuming process" that determined what personal information were affected and to whom it related after they identified the downloaded files.

Affected employees have been offered a complimentary Equifax Complete Premier credit monitoring and identity restoration services, according to Sony.

It also urged affected individuals to monitor potential unauthorised transactions.

"It is always a good idea to remain vigilant against threats of identity theft or fraud and to review and monitor your account statements and credit history for any signs of unauthorised transactions or activity regularly," Sony said.

Recent articles & video

Join us for an unforgettable night at the Australian HR Awards 2024

'Right to disconnect' hits Australia: Everything you need to know about new legislation

Request for additional training leads to 'forced resignation'

Ex-director dismissed at 76 years old, cries unfair dismissal

Most Read Articles

'Right to disconnect' hits Australia: Everything you need to know about new legislation

Director 'forces’ manager to leave before end of notice period: Is it dismissal?

FWC awards compensation despite worker's poor performance, attendance