Sony Interactive Entertainment has confirmed a cybersecurity breach has compromised the personal information of 6,800 current and former employees.
According to a letter the company shared with impacted individuals, and as first reported by Bleeping Computer, the file transfer app MOVEit was the source of the breach. The letter, dated October 3rd, redacted what personal information the breach compromised.
Ransomware group CL0P has claimed responsibility for the attack. According to the letter, the attack occurred on May 28th, and Progress Software, MOVEit’s vendor, notified Sony on May 31st. Sony says it discovered unauthorized downloads on June 2nd.
“[Sony] immediately took the platform offline and remediated the vulnerability. An investigation was then launched with assistance from external cybersecurity experts. We also notified law enforcement.”
This is the second data breach Sony has been part of in recent weeks. The company launched an investigation into a breach involving 3.14 GB of data in late September. Sony confirmed to Bleeping Computer the impacted server is located in Japan and is used for internal testing relating to its Entertainment, Technology, and Services business.