Sony Interactive Entertainment Warns of Data Breach, Affecting Thousands
Japanese electronic giant Sony Interactive Entertainment (SIE) has issued data breach notifications to approximately 6,800 current and former employees, alerting them to a recent system breach that compromised their personal information.
In the notices sent out, SIE stated, “We want to provide you with information about a cybersecurity event related to one of our IT vendors, Progress Software, that involved some of your personal information.” The breach was limited to Progress Software’s MOVEit Transfer platform and did not impact other SIE systems.
According to the data breach notification, the breach occurred on May 28. Progress Software had discovered a vulnerability in its MOVEit file transfer platform, which is used by SIE and numerous other enterprises globally. SIE detected the unauthorized downloads on June 2, promptly took the platform offline, and remediated the vulnerability. An investigation was initiated with assistance from external cybersecurity experts.
SIE emphasized that the breach was specific to the software platform and did not affect any other SIE systems. In June, a ransomware group called “Cl0p” claimed responsibility for breaching a Sony server. Additionally, Sony initiated an investigation into a separate breach last month in which hackers gained access to 3.14GB of data.
Sony is working with third-party forensics experts and has identified activity on a single server in Japan used for internal testing for the Entertainment, Technology and Services (ET&S) business. However, there is no indication that customer or business partner data was stored on the affected server, and no adverse impact on Sony’s operations has been reported.
The incident underscores the ongoing challenges posed by cyber threats, prompting companies like Sony to take swift action to address breaches and safeguard sensitive information.
