Sony Falls Victim To CLop Ransom Attack

Uploaded on 2023-10-10 in TECHNOLOGY--Hackers, NEWS-Cybersecurity News, FREE TO VIEW

The leading global technology firm Sony is not immune to cyber threats and the company has in the past faced multiple cyber-attacks, compromising millions of user data. Now, in a financial filing in the US state of Maine, Sony Interactive Entertainment has confirmed that the personal information of thousands of former and current employees was exposed as part of a cyber attack in June.

The company sent the data breach notification to about 6,800 individuals, confirming that the intrusion occurred after an unauthorised party exploited a zero-day vulnerability in the MOVEit Transfer platform.

The data breach was carried out by the Clop ransomware group and now Sony is contacting anyone affected and is offering credit monitoring and identity restoration services. In correspondence notifying affected individuals of the breach, Sony said it is "not aware of publication or misuse" of the personal details exposed during the hack.

The sensitive information was accessible through a (now-fixed) vulnerability in Sony's MOVEit file transfer platform, enabling an "unauthorised actor" to download the files containing personal information. 

Progress Software, the maker of MOVEit software, first identified the vulnerability three days after the attack, on 31st May. Sony discovered the unauthorised downloads on 2nd June and "immediately" took the platform offline. Sony then launched an investigation with external cybersecurity experts and notified law enforcement.

The Office of the Maine Attorney General has reported that 6,791 Sony people have been affected by the attack.

This is the second such data breach to affect Sony recently, following a different ransomware group, RANSOMEDVC, claimed that it had hacked Sony systems and was selling the data following the company's refusal to pay the $200k ransom demanded. 

Techmonitor:     Flashpoint:    Bleeeping Computer:   Eurogamer:   Maine.Gov.     Intl. Inst.Learning

 Hackread:      CoopWB:      Image: KD_ Buck

You Might Also Read: 

Shell Confirms Supply Chain Attack:

___________________________________________________________________________________________

If you like this website and use the comprehensive 6,500-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible

 

« Police Access To Passport Database 'risks public trust'
Ten Reasons Your Enterprise Could Benefit From XDR Security »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

FT Cyber Resilience Summit: Europe

FT Cyber Resilience Summit: Europe

27 November 2024 | In-Person & Digital | 22 Bishopsgate, London. Business leaders, Innovators & Experts address evolving cybersecurity risks.

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall (and why does it matter)?

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall (and why does it matter)?

Watch this webinar to hear security experts from Amazon Web Services (AWS) and SANS break down the myths and realities of what an NGFW is, how to use one, and what it can do for your security posture.

Exploit Database (EDB)

Exploit Database (EDB)

The Exploit Database is a CVE compliant archive of public exploits and corresponding vulnerable software, developed for use by penetration testers and vulnerability researchers.

Radisys

Radisys

Radisys offers software, products, integrated systems, and professional services for communication service providers and telecom solution vendors.

RedSeal

RedSeal

RedSeal’s network modeling and risk scoring platform is the foundation for enabling enterprise networks to be resilient to cyber events.

National Forensic Sciences University (NFSU)

National Forensic Sciences University (NFSU)

National Forensic Sciences University is the world’s first and only University dedicated to Digital Forensic and allied Sciences.

InGuardians

InGuardians

InGuardians is an independent information security consulting firm specializing in penetration testing, threat hunting, and hardware hacking.

Aligned Technology Solutions (ATS)

Aligned Technology Solutions (ATS)

ATS manage, monitor, and maintain everything from your network and servers to your workstations and mobile devices, and we do it proactively to eliminate downtime and keep hackers at bay.

Clear Thinking Solutions

Clear Thinking Solutions

Clear Thinking is an IT Solutions company specialising in secure & compliant technical services.

7layers

7layers

7layers has established itself as one of the world’s leading test house groups for mobile devices and the growing number of wireless devices, modules and chipsets.

CYMOTIVE Technologies

CYMOTIVE Technologies

Combining Israeli cyber innovation with a century of German automotive engineering. CYMOTIVE operates under the assumption that connectivity is a game changer for the automotive industry.

Deeper Network

Deeper Network

Deeper Network represents the world's first decentralized blockchain network for building a truly private, secure and fair Internet.

Hackurity.io

Hackurity.io

Hackurity.io is a high energy IT security start-up founded in 2021 out of the frustration that IT Security is highly fragmented and reactive.

AFRY

AFRY

AFRY is a world leading engineering company, trusted as a supplier of services and solutions within the industry, energy, and infrastructure sectors as well as for authorities.

Solcon Capital

Solcon Capital

Solcon Capital is a forward-looking, technology-focused investment firm that is committed to identifying and investing in the most promising areas of innovation and development in the tech industry.

Professional Labs

Professional Labs

Professional Labs specialize in simplifying complex problems for our customers with Cloud Services, Managed Services and Cyber Security.

ARGOS Cloud Security

ARGOS Cloud Security

ARGOS aims to simplify and strengthen cloud security, by creating a visual map of security vulnerabilities, to your priceless information stored in any cloud provider environment.

National Cybersecurity Competence Center (NC3) - Luxembourg

National Cybersecurity Competence Center (NC3) - Luxembourg

The purpose of the is to strengthen the Country's ecosystem facing cyber Luxembourg National Cybersecurity Competence Centerthreats and risks.