PlayStation confirms data breach exposed 7,000 employees’ personal info

videogameschronicle.com:

Sony Interactive Entertainment has confirmed that around 6,800 current and former employees have had their personal information exposed.

As reported by BleepingComputer, the PlayStation maker has been contacting those affected and letting them know what happened.

According to Sony, the breach involved the MOVEit file transfer platform used by SIE employees, which is developed by third-party IT vendor Progress Software.

Progress announced on May 31 that it had discovered a vulnerability in MOVEit, but three days before this, an “unauthorised actor” had already used the vulnerability to download SIE files, accessing personal information for 6,791 current and former SIE employees based in the United States.

Sony claims the incident was limited to this particular software platform and had no impact on its other systems.

Notice: To display this embed please allow the use of Functional Cookies in Cookie Preferences.

“On June 2, 2023, SIE discovered the unauthorised downloads, immediately took the platform offline and remediated the vulnerability,” Sony says in a letter sent to the former employees whose data was accessed.

“An investigation was then launched with assistance from external cybersecurity experts. We also notified law enforcement.

“Once SIE identified the downloaded files, we began a process to determine what types of personal information were affected and to whom it relates. While we worked quickly, this was a time-consuming process, and we wanted to provide you accurate information.”

Sony is providing those affected with free credit monitoring and identity restoration services and asking them to keep an eye out for signs of identity theft or fraud.

The data was reportedly accessed by CL0P, a ransomware group that announced