Sony Interactive Entertainment Notifies 6,800 Employees of Personal Data Compromise in Recent Breach

Sony Interactive Entertainment (SIE), a leading Japanese electronics company, has issued data breach notifications to approximately 6,800 individuals, including current and former employees, cautioning them about a recent cybersecurity breach that compromised their personal information.
Sony HQIn the official notice, the company stated, “We want to provide you with information about a cybersecurity event related to one of our IT vendors, Progress Software, that involved some of your personal information.” The breach was limited to Progress Software’s MOVEit Transfer platform, an IT vendor utilized by SIE and numerous other global enterprises.

The compromise reportedly occurred on May 28, following Progress Software’s disclosure of a newfound vulnerability in its MOVEit file transfer platform. On June 2, 2023, SIE identified unauthorized downloads and promptly took the platform offline, addressing the vulnerability. An investigation ensued, aided by external cybersecurity experts.

SIE emphasized that the incident was confined to the specific software platform and did not impact any of its other systems. Earlier, a ransomware group known as “Cl0p” had claimed responsibility for breaching a Sony server in June. Sony had initiated an investigation into a second breach the previous month, during which hackers accessed 3.14GB of data.

A company spokesperson clarified, “Sony has been investigating recent public claims of a security incident at Sony. We are working with third-party forensics experts and have identified activity on a single server located in Japan used for internal testing for the Entertainment, Technology and Services (ET&S) business.” The spokesperson also assured that there was no indication of customer or business partner data being stored on the affected server, and there was no adverse impact on Sony’s operations.

The incident underscores the critical importance of maintaining robust cybersecurity measures, particularly when it comes to safeguarding sensitive personal and organizational data.