PlayStation confirms data breach exposed 7,000 former and current employees’ personal info. No impact on its other systems.

Gamernyc78

MuscleMod
Moderating
28 Jun 2022
20,386
16,652

Sony Interactive Entertainment has confirmed that around 6,800 current and former employees have had their personal information exposed.

As reported by BleepingComputer, the PlayStation maker has been contacting those affected and letting them know what happened.

According to Sony, the breach involved the MOVEit file transfer platform used by SIE employees, which is developed by third-party IT vendor Progress Software.

Progress announced on May 31 that it had discovered a vulnerability in MOVEit, but three days before this, an “unauthorised actor” had already used the vulnerability to download SIE files, accessing personal information for 6,791 current and former SIE employees based in the United States.

Sony claims the incident was limited to this particular software platform and had no impact on its other systems.

On June 2, 2023, SIE discovered the unauthorised downloads, immediately took the platform offline and remediated the vulnerability,” Sony says in a letter sent to the former employees whose data was accessed.

“An investigation was then launched with assistance from external cybersecurity experts. We also notified law enforcement.

“Once SIE identified the downloaded files, we began a process to determine what types of personal information were affected and to whom it relates. While we worked quickly, this was a time-consuming process, and we wanted to provide you accurate information.”

Sony is providing those affected with free credit monitoring and identity restoration services and asking them to keep an eye out for signs of identity theft or fraud.

The data was reportedly accessed by CL0P, a ransomware group that announced in late June that it had accessed Sony employee information.

Last month, a separate ransomware group claimed to have successfully breached Sony Group and was threatening to sell a cache of data stolen from the Japanese company. Sony said it was investigating the situation.

A Sony spokesperson said at the time: “Sony has been investigating recent public claims of a security incident at Sony. We are working with third-party forensics experts and have identified activity on a single server located in Japan used for internal testing for the Entertainment, Technology and Services (ET&S) business.

“Sony has taken this server offline while the investigation is ongoing. There is currently no indication that customer or business partner data was stored on the affected server or that any other Sony systems were affected. There has been no adverse impact on Sony’s operations
 
OP
OP
Gamernyc78

Gamernyc78

MuscleMod
Moderating
28 Jun 2022
20,386
16,652
So some type of breach did happen but systems weren't affected.
 
OP
OP
Gamernyc78

Gamernyc78

MuscleMod
Moderating
28 Jun 2022
20,386
16,652
This was the blowup on Twitter about potentially Playstation being compromised 😒 oh please.
 

Yurinka

Veteran
VIP
21 Jun 2022
7,716
6,602
What kind of things they can do with that info anyway? It still sucks tho.
They try to sell it for a high price, or ask for a ransom to the victim company. And if nobody pays or it I assume they end releasing it for free at least partially to brag about having done it showing evidence.
 
  • sad
Reactions: Gods&Monsters