Sony Interactive Entertainment has officially acknowledged a data breach in June 2023, impacting 6,791 of its staff members and leading to the unauthorised disclosure of their personal information. The company has taken steps to notify the affected individuals and has pledged comprehensive support to assist them.
In late May, a data breach hit Sony, with unauthorised access on May 28, just three days before Progress Software, the makers of MOVEit, alerted Sony about the vulnerability. Sony took swift action, discovering the breach on June 2, 2023, leading to the exfiltration of 3.14GB of data from an internal testing server in Japan. In June, the ransomware group ClOp claimed responsibility for the attack.
The compromised data contains personally identifiable information about employees based in the US, and Sony has committed to providing credit monitoring services to those affected. The company has since taken corrective measures to rectify the issue.
Notably, Sony experienced another security incident late last month. The leaked data included information related to Sony’s SonarQube platform, Creators Cloud certificates, a device emulator used for generating licences, and more.
Sony is reportedly investigating the claims of a security breach. It is collaborating with third-party forensic experts and has identified suspicious activity on a single server situated in Japan, which was employed for internal testing within the entertainment, technology and services (ET&S) business division.
The server has been taken offline, and as of now, there is no indication that customer or business partner data was stored on this affected server, nor has there been any adverse impact on Sony’s overall operations.