Sony has admitted that data on more than 6,000 past and present employees has been exposed in a cyberattack. The company experienced the data breach earlier this year as a result of the MOVEit Transfer vulnerability, a flaw in a popular file transfer platform which was exploited by Russian ransomware gang Cl0p to attack businesses around the world.
The notification comes weeks after a second alleged cyberattack against the company by the Ransomedvc gang.
Sony has written to those affected by the breach, explaining the risks of the data loss and what mitigatory efforts the company has put in place to minimise the consequences of the incident.
“We want to provide you with information about a cybersecurity event related to one of our IT vendors, Progress Software, that involved some of your personal information,” the breach letter says. “This event was limited to Progress Software’s MOVEit Transfer platform and did not impact any of our other systems.”
The company does not know whether the information has been released onto the dark web. “We are not aware of publication or misuse of your personal information,” it says, but it is nonetheless “offering complimentary Equifax Complete Premier credit monitoring and identity restoration services” to those impacted.
A breach notification was submitted to the Office of the Maine Attorney General on Tuesday, explaining that the exact number of those affected is 6,791 and that in some cases the social security numbers of staff were accessed by the cybercriminal gang.
Sony’s cybersecurity strife
Sony is far from the only business to have fallen victim to the MOVEit Transfer vulnerability, which has caused chaos for security teams around the globe, affecting over 62 million individuals in 2,000 organisations. Companies affected by the hack include PwC, Siemens Energy, Schneider Electric, Vitesco Technologies and the Discovery Channel.
News of the breach notification comes a week after Ransomedvc announced it had hacked Sony, and said it planned to release stolen data on the dark web because the company had not paid a ransom demand.
The gang wrote on its blog that it has “successfully compromised all of Sony’s systems,” but added, “we won’t ransom them!”
Samples of the data have been posted alongside these claims, reportedly featuring a PowerPoint presentation from Sony’s quality assurance division, internal screenshots displaying what could be a Sony workstation, and some Java files.