Sony Interactive Entertainment Employees Suffer Data Breach From Unauthorised Parties
A suspected ransomware group claimed responsibility for the data breach against the gaming division of the multimedia giant's video game division.
Sony's gaming arm, Sony Interactive Entertainment, notified current and former employees of a data breach that compromised information about the company's workforce.
According to the website BleepingComputer, information of at least 6,791 SIE employees was breached by an exploited vulnerability within the division's file transfer software on May 28. A ransomware collective only known as 'C1op' executed the attack.
Investigation findings
According to the notification sent by SIE to its employees, the PlayStation makers were only made aware of the vulnerability on June 2, three days after the breach was done. Progress Software uploaded a notice that disclosed a potential threat in their file transferring program, MOVEit.
MOVEit sees wide use between SIE's divisions as well as other enterprises and various government organisations. The same clients also suffered breaches similar to SIE.
The notification from SIE adds that they hired the services of an external cybersecurity party for investigations and potential damage control measures. The investigation uncovered that there were unauthorised downloads conducted through the MOVEit program. SIE took the file transfer platform down after the discovery and remediated the inherent security flaw.
SIE disclosed that no other internal systems or divisions were compromised by the attack and that the breach only affected files within the MOVEit program. They have also filed a report of the attack to authorities.
Sony commissioned Equifax's services to conduct free credit monitoring and identity restoration services for the employees affected by the cybersecurity breach.
A sample of SIE's notification for its employees was made available to the Office of the Maine Attorney General. However, personal information within the said document is redacted.
Twice in a year
This is Sony's second cybersecurity breach this year, all of which happened in a span of four months. At least two groups of hackers claimed responsibility for breaching around 3.14 GB worth of data from the Japanese multinational company late last month.
Initially, an extortion group named RansomedVC posted Sony's data on hacking forums. The group uploaded a 2 MB sample of the dataset, with the rest up for sale. RansomedVC claimed to BleepingComputer that they had at least 360 GB worth of data.
Not long after, a second party, known as MajorNelson, refuted RansomedVC's deeds in a forum for hackers and uploaded the aforementioned 3.14 GB dataset.
The dataset from Sony is said to contain information about the SonarQube platform, certificates, Creators Cloud, incident response policies, and a device emulator for generating licenses.
While definitive attribution as to which group was really responsible for the breach, Sony confirmed the leak through a spokesperson. A third-party cyber forensics group hired by Sony determined a single server in Japan used for internal testing detected suspicious activity.
Sony suffered its most prominent cyberattack back in 2014, when their film production studio in Hollywood, Sony Pictures Entertainment, was infiltrated by North Korean hackers to prevent the screening of The Interview.
The comedy film starring James Franco and Seth Rogen was about an attempted assassination against North Korean leader Kim Jong-Un, played by Randall Park.
Subsequently last September, current SIE president Jim Ryan announced his retirement from the company and will leave his post on March 2024.