






Sony’s MOVEit Breach: Employee Data Exposed

Executive Summary

Sony Interactive Entertainment (SIE) disclosed a cybersecurity breach involving Progress Software’s MOVEit Transfer platform. The breach exposed personal information of 6,791 current and former U.S. employees and their families. The Cl0p ransomware group, linked to Russia, claimed responsibility for the attack and stole data from Sony in June.

Another recent Sony breach allegedly resulted in the theft of 3.14 GB of data from the company’s systems.

The MOVEit attacks have affected various organizations, including TD Ameritrade, schools, American Airlines, TJX, TomTom, Pioneer Electronics, AutoZone, and Johns Hopkins University and Health System.

The Cl0p ransomware group publicly released stolen data, including Sony-related information, on their Clearnet website.

What Happened

An unauthorized actor exploited the vulnerability on May 28 to access Sony Interactive Entertainment (SIE) files on the MOVEit platform; Progress Software discovered the vulnerability on May 31, 2023. SIE detected the breach on June 2, took the platform offline, and resolved the issue. The breach was limited to the MOVEit Transfer platform and did not impact other systems.

According to the data breach notice, the compromise happened on May 28, three days before Sony learned about the flaw from Progress Software. The intrusion occurred after an unauthorized party exploited a zero-day vulnerability in the MOVEit Transfer platform, specifically a critical-severity SQL injection flaw identified as CVE-2023-34362. This vulnerability, with a CVSS score of 9.8, allowed for remote code execution and was leveraged by the Cl0p ransomware gang in large-scale attacks that compromised numerous organizations worldwide.

In addition to promptly addressing the breach by taking the platform offline and remediating the vulnerability, Sony launched an investigation with the assistance of external cybersecurity experts and notified law enforcement. They have confirmed that the incident was limited to the particular software platform and did not have an impact on any of their other systems.

Sony has taken steps to mitigate the impact of the breach, including enhancing system monitoring and implementing additional preventive measures. They are also providing Equifax Complete Premier credit monitoring and identity restoration services to the affected individuals.

Recent Security Breach at Sony

Sony has recently experienced another data breach, allegedly involving the theft of 3.14 GB of data from the company’s systems. The Cl0p ransomware group claimed responsibility for the attack and obtained data from Sony.

The leaked dataset contained information related to the SonarQube platform, certificates, Creators Cloud, incident response policies, and a device emulator for generating licenses.

A spokesperson from Sony has provided the following explanation regarding the breach:

Sony has been investigating recent public claims of a security incident at Sony. We are working with third-party forensics experts and have identified activity on a single server located in Japan used for internal testing for the Entertainment, Technology and Services (ET&S) business.

Sony has taken this server offline while the investigation is ongoing. There is currently no indication that customer or business partner data was stored on the affected server or that any other Sony systems were affected. There has been no adverse impact on Sony’s operations.

About MOVEit Attacks

The ongoing MOVEit attacks have had a significant impact on various organizations.

Some of the affected organizations include TD Ameritrade, schools, American Airlines, TJX, TomTom, Pioneer Electronics, AutoZone, and Johns Hopkins University and Health System.

These organizations have experienced data breaches and have had sensitive information compromised as a result of the MOVEit attacks. The Cl0p ransomware group, responsible for the attacks, has publicly released the stolen data, including information related to Sony, on their Clearnet website.


Cubic Lighthouse is a cybersecurity publication dedicated to demystifying security, making news actionable, providing deeper thinking about the fundamentals of security, and providing decision-makers and the community at large with the right information to make the right decisions. We will also feature more technical articles and provide personal/family security advice.

©2024 Cubic Consulting, a Smart Security Company for your Business – All Rights Reserved.