Sony has confirmed a data breach due to a MOVEit vulnerability, which has impacted 6791 of its current and former employees or their family members.
Sony Interactive Entertainment LLC (“SIE”) has confirmed that it was the victim of a data breach due to MOVEit vulnerability. The data breach affected thousands of United States-based current and former employees or their family members.
In a data breach notification filed with the Office of the Maine Attorney General, Sony said that the attackers were able to gain unauthorized access to MOVEit servers and steal data that was being transferred through the tool.
The data breach occurred from May 28th to May 30th, 2023, and the stolen data included “names and other personal identifiers combined with Social Security Numbers (SSNs).”
Sony said that it has taken steps to mitigate the impact of the breach. The company is also offering credit monitoring and identity theft protection services to affected customers. In a notice to victims, Sony further explained the scope of the data breach stating:
“On June 2, 2023, SIE discovered the unauthorized downloads, immediately took the platform offline and remediated the vulnerability. An investigation was then launched with assistance from external cybersecurity experts. We also notified law enforcement.”
“Once SIE identified the downloaded files, we began a process to determine what types of personal information were affected and to whom it relates. While we worked quickly, this was a time-consuming process, and we wanted to provide you with accurate information.”
Sony Interactive Entertainment LLC (“SIE”)
This is the latest in a series of data breaches that have affected Sony in recent years. In 2014, Sony was hacked by North Korea, and the attackers stole a massive amount of data, including unreleased movies and TV shows.
MOVEit vulnerability – A Major Cybersecurity Treat
The MOVEit vulnerability is a serious threat to businesses that use the tool to transfer files. The impact of the vulnerability is significant. According to a report published in September this year, MOVEit vulnerability has affected over 900 schools in the United States, resulting in data breaches involving sensitive student information.
It’s important to highlight that the MOVEit vulnerability was extensively exploited by the notorious Cl0p ransomware gang. In July 2023, the group took the unusual step of publishing data stolen through this vulnerability on its clearnet website, instead of confining it to the dark web. Sony was among the victim companies listed on their website.
In response to the breach, Erfan Shadabi, Cybersecurity Expert at comforte AG (comforte.com) told Hackread.com that: “The MOVEit vulnerability exploited in this breach underscores the reality that security vulnerabilities can originate not only from internal lapses but also from third-party software or services integrated into an organization’s infrastructure.”
Shadabi also emphasized the importance of organizations understanding that their security measures should not only focus on their internal network but should also encompass any third-party services as well. “It’s crucial for organizations to recognize that their security posture extends beyond their immediate network and includes any third-party services or solutions they rely on.”
“Organizations should take this opportunity to reevaluate their security strategies, emphasizing data-centric approaches like tokenization to fortify their defences and protect sensitive information from potential breaches and their associated consequences. Safeguarding data is not just an IT concern but a critical business imperative in today’s digital landscape,” Shadabi advised.
Darren Guccione, CEO and Co-Founder of Keeper Security (keepersecurity.com) also warned about MOVEit vulnerability “As cyber teams continue to address the fallout from MOVEit, the news of another breach should serve as a wakeup call to every organisation that this serious zero-day vulnerability must be remediated immediately.”
Guccione also stressed the use of dark web monitoring services by organizations to scan the hidden side of the internet for leaked credentials and cybercrime forums. “There are proactive steps individuals impacted by the breach can take to limit the damage such as changing login info for their compromised accounts, utilising a dark web monitoring service to check for leaked credentials, monitoring or freezing their credit and practising good cyber hygiene.”
If you are a impacted by Sony data breach, you should be aware of the possibility that your data may have been compromised. You should monitor your accounts for any suspicious activity and change your passwords immediately. You should also contact Sony customer support for more information.
Nevertheless, businesses that use MOVEit should immediately patch their servers to fix the vulnerability. Businesses should also review their file transfer security policies to make sure that they are protecting their data from unauthorized access.