Sony has confirmed the extent of the damage done during a cyber attack back in June; the personal information of 6,791 current and former employees has been leaked. Ransomware group Clop is behind the attack, according to Bleeping Computer.
The company is reaching out to those affected, offering credit monitoring and identity restoration services. Sony says it's "not aware of publication or misuse" of any of the leaked information.
The attack took advantage of a weakness in Progress Software's MOVEit file transfer platform. Though the issue has since been resolved, Clop was able to download personal files and cause the data breach. It seems the attack affects many more companies than just Sony.
This incident is unrelated to the recently reported hack of "all Sony systems" by a different ransomware group, Ransomed.vc, meaning the company has had to deal with two (publicly, at least) cyber attacks this year. Sony is "currently investigating" the Ransomed.vc attack.
[source bleepingcomputer.com, via eurogamer.net]
Comments 11
@BeerIsAwesome I read earlier that the other hack we heard about last week only gained access to an internal testing server and nothing else.
No customer, employee or partner data affected.
At the time it even seemed like those hackers probably knew they didn't have much so they were trying to start a panic for the exposure.
Sony would be breaking several very serious UK laws if it is knowingly hiding the fact that customer details are at risk. Not to mention the severe damage to their reputation.
It is my opinion therefore that we are safe. And remember people: you are at risk from a hack to any company that has your details it is not just a Sony problem. The only way around that is to leave the 21st century i'm afraid.
I don't think customer data was taken BUT they wouldn't be the first company to keep that part quiet for a while ..... after all the shareholders are the ones that matter to companies,wouldn't want them to get annoyed now would they
My uncle gunna be pi$$ed!!!
@BeerIsAwesome the hack only affects ex-staff from America, no customer details involved. There are no GDPR laws in America, State law would be what covers data breaches if such a law exists in that State.
The servers weren't patched 3 days later, the hack occurred on 28th May, Sony were informed of the vulnerability in the platform MOVEit by Progress Software, the company that owns the platform Sony uses, 3 days later and Sony found the hack on the 2nd June.
Apparently all that information was too much trouble to include in this article.
I wonder if "currently investigating" ever means something other than a bunch of executives running in circles muttering "oh crap, oh crap". It's not like they're going to avoid any of this stuff being sold or leaked.
Jeez whenever something gets hacked ur info is screwed my mother had to change her credit card 3 times with left and I've had my card information stolen from psn like twice already smh
@LifeGirl How do I go back to the 90s? Sign me up haha
Can these hackers do something useful and leak Factions 2
To me that is worse than customer data as they likely have socials and perhaps even other family members (emergency contacts/beneficiaries) listed. Those people can get their entire lives ruined very easily. I hope that they are able to get through this.
I hate and I say it again I hate folks that steal! Weather it be physicall goods our your identity or anything for that matter! I hope the folks that did this get caught and are prosecuted to the fullest extent of the law..
Show Comments
Leave A Comment
Hold on there, you need to login to post a comment...