Sony Falls Victim To CLop Ransom Attack

The leading global technology firm Sony is not immune to cyber threats and the company has in the past faced multiple cyber-attacks, compromising millions of user data. Now, in a financial filing in the US state of Maine, Sony Interactive Entertainment has confirmed that the personal information of thousands of former and current employees was exposed as part of a cyber attack in June.

The company sent the data breach notification to about 6,800 individuals, confirming that the intrusion occurred after an unauthorised party exploited a zero-day vulnerability in the MOVEit Transfer platform.

The data breach was carried out by the Clop ransomware group and now Sony is contacting anyone affected and is offering credit monitoring and identity restoration services. In correspondence notifying affected individuals of the breach, Sony said it is "not aware of publication or misuse" of the personal details exposed during the hack.

The sensitive information was accessible through a (now-fixed) vulnerability in Sony's MOVEit file transfer platform, enabling an "unauthorised actor" to download the files containing personal information. 

Progress Software, the maker of MOVEit software, first identified the vulnerability three days after the attack, on 31st May. Sony discovered the unauthorised downloads on 2nd June and "immediately" took the platform offline. Sony then launched an investigation with external cybersecurity experts and notified law enforcement.

The Office of the Maine Attorney General has reported that 6,791 Sony people have been affected by the attack.

This is the second such data breach to affect Sony recently, following a different ransomware group, RANSOMEDVC, claimed that it had hacked Sony systems and was selling the data following the company's refusal to pay the $200k ransom demanded. 

Techmonitor:     Flashpoint:    Bleeeping Computer:   Eurogamer:   Maine.Gov.     Intl. Inst.Learning

 Hackread:      CoopWB:      Image: KD_ Buck

You Might Also Read: 

Shell Confirms Supply Chain Attack:

___________________________________________________________________________________________

If you like this website and use the comprehensive 6,500-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible


 

« Police Access To Passport Database 'risks public trust'
Ten Reasons Your Enterprise Could Benefit From XDR Security »

Infosecurity Europe
CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

The Josef Group (TJG)

The Josef Group (TJG)

The Josef Group Inc. is a certified woman-owned permanent staffing agency specializing in Information Technology, Engineering, and US Government "cleared" IT candidates.

CybelAngel

CybelAngel

CybelAngel is a leading digital risk protection platform that detects and resolves external threats before these wreak havoc.

CyberPrism

CyberPrism

CyberPrism provides SaaS solutions using proprietary technology, underpinned by industry-leading technical practitioners to protect OT within Government, Maritime and Industrial markets.

IPN (ICT Research Platform Nederlands)

IPN (ICT Research Platform Nederlands)

IPN promotes academic research and education in the ICT field by building and maintaining a national community, and by developing policy to advance the field. Areas of focus include Cyber Security.

HCL Technologies

HCL Technologies

HCL offer an integrated portfolio of products, solutions and services built around Digital, IoT, Cloud, Automation, Cybersecurity, Analytics, Infrastructure Management and Engineering Services.

Mitre

Mitre

At Mitre we work across government to tackle challenges to the safety, stability, and well-being of our nation. Areas of expertise include Cybersecurity.

Point Predictive

Point Predictive

Point Predictive build Predictive Models using Artificial Intelligence and Machine Learning techniques that help our customers stop fraud and early payment default (EPD).

ContraForce

ContraForce

ContraForce is a threat detection and response software providing complete visibility across cloud, network, endpoints, user, and email with the ability to target and block threats in real-time.

Kintent

Kintent

With Kintent, compliance becomes a habit, is simple to understand and achieve, and is continuously testable so that your customers can see that you are adhering to all your trust obligations.

Neosec

Neosec

We’re reinventing API security. Understanding behavior requires data, analytics, and intelligence. Neosec brings XDR techniques to application security.

NANDoff Data Recovery

NANDoff Data Recovery

NANDoff is a flat rate data recovery service. We serve the electronics industry around the globe 24/7.

Tsaaro Academy

Tsaaro Academy

Tsaaro Academy is a unique privacy certification training platform and here you earn a privacy certification CEH, CISM and DPO from India’s No.1 Privacy training platform.

Cypfer

Cypfer

CYPFER is a global market leader in ransomware post-breach remediation and cyber-attack first response.

ITRM

ITRM

ITRM are one of the UK’s top managed service providers and offer a range of award-winning IT solutions, from ad-hoc consultancy to cyber security.

Cloudbox

Cloudbox

Cloudbox build and maintain a highly secure, compliant IT infrastructure for our clients – with total peace of mind – so they can focus on the market.

IntelliBridge

IntelliBridge

IntelliBridge supports our nation’s most critical missions by solving complex technology, intelligence, and mission support challenges.