Sony is supporting the 6,791 employees whose personal information was revealed as a result of a cyberattack earlier this year with credit monitoring and identity restoration services.
Though it is “not aware of publication or misuse” of the personal information, Sony enlisted external cybersecurity experts to understand the extent of the breach in June. It also sought the assistance of law enforcement.
Bleeping Computer‘s report claimed that this was the work of the ransomware gang Clop who were able to “[exploit] a zero-day vulnerability in the MOVEit Transfer platform.”
MOVEit is a file transfer program from developer Progress Software, who notified users of the vulnerability three days after the attack, on May 31.
Sony then realised that it had been hit in the attack by Clop and “immediately” pulled its MOVEit offline to investigate how damaging the hack had been.
Though it wasn’t able to pinpoint the precise date of the event, the Office of the Maine Attorney General confirmed that names and social security numbers of the 6,791 people who work for Sony were lifted in the security breach.
In September, Sony was hit with another attack from another ransomware group.
Ransomed.vc self-describes as a “leading company in digital peace tax” and attempts to scare companies into paying the ransom for their stolen sensitive files over paying a data protection fine from regulators.
The group had not specified what it was able to source from its hack, however, Sony was “currently investigating the situation” and added that there was “no further comment at this time”.
In other gaming news, Dino Lords is an upcoming historical simulation game that imagines an alternate timeline where Scandinavians used dinosaurs in the viking invasion of Britain.