Sony has confirmed that it suffered a data breach, impacting thousands of current and former employees’ personal data.
According to BleepingComputer, Sony Interactive Entertainment sent a notice to both current and former employees to inform them that a data breach compromised their information.
We are writing to you as we believe you are a former employee of Sony Interactive Entertainment (“SIE”) or are a family member of a current or former employee of SIE. We want to provide you with information about a cybersecurity event related to one of our IT vendors, Progress Software, that involved some of your personal information. This event was limited to Progress Software’s MOVEit Transfer platform and did not impact any of our other systems. Please read this notice carefully, as it provides information on what happened and what we are doing, as well as information on how you can obtain complimentary credit monitoring and identity restoration services
Sony says the breach was the result of a MOVEit vulnerability.
On May 31, 2023, Progress Software announced a newly discovered vulnerability in its MOVEit file transfer platform, which is used by SIE and thousands of other enterprises around the world. On May 28, 2023, before Progress Software announced the vulnerability and we became aware of it, an unauthorized actor used the vulnerability to download some SIE files stored on our MOVEit platform. On June 2, 2023, SIE discovered the unauthorized downloads, immediately took the platform offline and remediated the vulnerability. An investigation was then launched with assistance from external cybersecurity experts. We also notified law enforcement
The company knows what data was accessed, but that information is censored in the publicly available copy of the notice.