Sony Interactive Entertainment has confirmed that approximately 6,800 current and former employees had their personal data exposed. According to Sony, the hack affected the MOVEit file transfer platform used by SIE employees, which was developed by third-party company Progress Software.
Progress announced on May 31 that it had discovered a vulnerability in MOVEit, but three days earlier an “unauthorized actor” exploited the vulnerability to download SIE files, accessing the personal information of 6,791 current and former SIE employees in the United States.
“On June 2, 2023, SIE detected the unauthorized downloads, immediately took the platform offline, and remedied the vulnerability,” Sony said in a letter sent to former employees whose data was stolen.
“An investigation was subsequently opened with assistance External cybersecurity experts. We also informed the police. Once SIE identified the downloaded files, we began a process to determine the types of personal information affected and who was associated with it. While we worked quickly, this was a time-consuming process and we wanted to provide you with accurate information.”
Sony provides it to those affected Free services Credit monitoring and identity restoration programs are required to watch for signs of identity theft or fraud.
“Incurable internet trailblazer. Troublemaker. Explorer. Professional pop culture nerd.”