View all newsletters
Receive our newsletter - data, insights and analysis delivered to you
  1. Technology
  2. Cybersecurity
October 5, 2023

More than 6,000 Sony employees hit in MOVEit Transfer breach

The company is one of many to be feeling the effects of the ongoing attacks by ransomware gang Cl0p.

By Claudia Glover

Sony has admitted that data on more than 6,000 past and present employees has been exposed in a cyberattack. The company experienced the data breach earlier this year as a result of the MOVEit Transfer vulnerability, a flaw in a popular file transfer platform which was exploited by Russian ransomware gang Cl0p to attack businesses around the world.

Sony
Sony discloses MoveIt Transfer hack. (Photo by Sundry Photography/Shutterstock)

The notification comes weeks after a second alleged cyberattack against the company by the Ransomedvc gang

Sony has written to those affected by the breach, explaining the risks of the data loss and what mitigatory efforts the company has put in place to minimise the consequences of the incident.

“We want to provide you with information about a cybersecurity event related to one of our IT vendors, Progress Software, that involved some of your personal information,” the breach letter says. “This event was limited to Progress Software’s MOVEit Transfer platform and did not impact any of our other systems.”

The company does not know whether the information has been released onto the dark web. “We are not aware of publication or misuse of your personal information,” it says, but nonetheless is “offering complimentary Equifax Complete Premier credit monitoring and identity restoration services”, to those impacted.

A breach notification was submitted to the Office of the Maine Attorney General on Tuesday, explaining that the exact number of those affected is 6,791 and that in some cases the social security numbers of staff were accessed by the cybercriminal gang. 

Sony’s cybersecurity strife

Sony is far from the only business to have fallen victim to the MOVEit Transfer vulnerability, which has caused chaos for security teams around the globe, affecting over 62 million individuals in 2,000 organisations. Companies affected by the hack include PwC, Siemens Energy and Sneider Electric, Vitesco Technologies and the Discovery Channel.

Content from our partners
Unlocking growth through hybrid cloud: 5 key takeaways
How businesses can safeguard themselves on the cyber frontline
How hackers’ tactics are evolving in an increasingly complex landscape

News of the breach notification comes a week after Ransomedvc announced it had hacked Sony, and said it planned to release stolen data on the dark web because the company had not paid a ransom demand.

The gang wrote on its blog that it has “successfully compromised all of Sony’s systems,” but added, “we won’t ransom them!”

Samples of the data have been posted alongside these claims, reportedly featuring a PowerPoint presentation from Sony’s quality assurance division, internal screenshots displaying what could be a Sony workstation, and some Java files. 

Read more: Red Cross releases cyber warfare rules for hacktivists

Topics in this article :
Websites in our network
Select and enter your corporate email address Tech Monitor's research, insight and analysis examines the frontiers of digital transformation to help tech leaders navigate the future. Our Changelog newsletter delivers our best work to your inbox every week.
  • CIO
  • CTO
  • CISO
  • CSO
  • CFO
  • CDO
  • CEO
  • Architect Founder
  • MD
  • Director
  • Manager
  • Other
Visit our privacy policy for more information about our services, how New Statesman Media Group may use, process and share your personal data, including information on your rights in respect of your personal data and how you can unsubscribe from future marketing communications. Our services are intended for corporate subscribers and you warrant that the email address submitted is your corporate email address.
THANK YOU