By Noah Stiles
October 5, 2023
In a concerning revelation, Sony Interactive Entertainment (Sony) has confirmed a data breach affecting thousands in the U.S. This breach exposed personal information of both current and former employees, as well as their family members.
The breach was a result of an unauthorized party exploiting a zero-day vulnerability in the MOVEit Transfer platform, known as CVE-2023-34362. This vulnerability allowed remote code execution and was utilized by the Clop ransomware gang, which added Sony to its list of victims.
The breach occurred on May 28, but Sony only discovered it on June 2, prompting them to take immediate action by shutting down the affected platform and remediating the vulnerability. An investigation, assisted by external cybersecurity experts, was launched, and law enforcement was notified.
Fortunately, Sony has confirmed that the breach was isolated to the specific software platform and did not affect any other systems. However, the personal information of 6,791 individuals in the U.S. was compromised. Sony is now providing affected individuals with credit monitoring and identity restoration services through Equifax, available until February 29, 2024.
This incident is Sony’s second security breach in the last four months, underscoring the importance of robust cybersecurity measures in today’s digital landscape.
Stay informed as this story unfolds, emphasizing the significance of data security in our increasingly connected world.