Sony‘s game division this week notified about 6,800 current and former employees, as well as affected family members, that their personal info may have been exposed in a hack earlier this year.
The news was first reported by Bleeping Computer. Sony Interactive Entertainment did not immediately respond to a request for comment.
Information about Sony’s notice to consumers about the breach, dated Oct. 3, was posted on the website of the Maine attorney general. There were no details on what personal information may have been accessed in the attack.
Here’s what happened, according to the company: On May 31, 2023, Progress Software announced a newly discovered vulnerability in its MOVEit file transfer platform, which is used by Sony Interactive Entertainment — and hundreds of other businesses and government organizations, many of which have also reported security breaches from a subsequent cyberattack.
Three days prior, on May 28, “an unauthorized actor used the vulnerability to download some SIE files stored on our MOVEit platform,” Sony Interactive Entertainment said in notices to affected individuals. On June 2, the company identified the security breach and “immediately took the platform offline and remediated the vulnerability”; it also notified law enforcement of the incident. Sony Interactive Entertainment is offering free Equifax credit-monitoring and identity restoration services to those affected by the breach, per the notifications.
A ransomware group known as “Cl0p” has claimed responsibility for the cyberattacks exploiting the vulnerability in Progress Software’s MOVEit and has leaked some of the compromised data.
Separately, last week Sony announced that Jim Ryan, president and CEO of Sony Interactive Entertainment, is retiring after almost three decades with the PlayStation business. Ryan will depart the company in March 2024, and SIE will be led on an interim basis by Sony president, COO and CFO Hiroki Totoki.
In 2014, Sony Pictures Entertainment fell victim to a massive data breach and cyberattack that disabled many of its internal system. The U.S. Justice Department in 2021 charged three North Korean nationals of perpetrating the 2014 hack.