Sony confirms data breach impacting thousands of workers

ID theft
Image credit: Pixabay (Image credit: Future)

Sony has confirmed reports that sensitive data from current and former employees had been stolen by outside forces.

In a breach notification letter sent out to affected individuals, Sony said that hackers leveraged a flaw in the MOVEit managed file transfer software to steal sensitive personal information belonging to them, or possibly their family members. 

As per the letter, the attack occurred on May 28, mere days before Progress - the company behind MOVEit - started warning its clients of a high-severity flaw in the application. 

List of victims grows

“On June 2, 2023, [Sony] discovered the unauthorized downloads, immediately took the platform offline, and remediated the vulnerability,” the letter added. “An investigation was then launched with assistance from external cybersecurity experts. We also notified law enforcement,” Sony concluded.

While the company stressed that the breach was contained in this software platform and did not spill elsewhere on its network, it seems to have been enough, as sensitive data on 6,791 people in the U.S. was taken by a Russian financially motivated ransomware actor known as Cl0p.

In the meantime, Cl0p already listed Sony on its data leak site, and started selling the stolen goods, meaning that Sony wasn’t interested in negotiations or paying the ransom demand. In the ad posted on the dark web, a threat actor going by the name posted a small sample of the data, including screenshots of an internal log-in page, an internal PowerPoint presentation, and some Java files. In the ad, it was said that “all of Sony systems” were compromised. 

Cl0p breaching MOVEit MFT is slowly turning into one of the biggest cyber mess-ups of all time, up there with the likes of Log4j and GoAnywhere. MOVEit is a managed file transfer service, a tool used by organizations to share sensitive information - securely. The tool is used by countless organizations, including small and medium-sized firms, but also large organizations and enterprises. Cl0p has so far listed hundreds of firms whose data were stolen through a single vulnerability, a critical-severity SQL injection flaw tracked as CVE-2023-34362. It allowed Cl0p to remotely run code on vulnerable endpoints.

More from TechRadar Pro

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.