PlayStation maker victimized in MOVEit Transfer breach

Sony Interactive Entertainment (SIE), a Sony branch responsible for developing PlayStation consoles, said that thousands of its former employees had their data exposed in the largest breach of 2023.

SIE sent thousands of breach notifications to its current and former employees, saying their personal details might have been exposed in the MOVEit Transfer attacks.

According to the letter, former employees and family members of current or former employees were exposed. The attacks were carried out by the Cl0p ransomware gang, a Russia-linked cybercrime cartel that took credit for exploiting a zero-day bug in MOVEit Transfer, a file transfer application. The gang claimed it stole Sony data back in June.

The PlayStation maker said that the hack only affected the MOVEit Transfer platform and did not impact SIE’s or any other related systems. The company said it only became aware of the attacks after Progress Software, a US-based company behind the affected platform, publicly disclosed the bug.

“On June 2nd, 2023, SIE discovered the unauthorized downloads, immediately took the platform offline, and remediated the vulnerability,” SIE’s letter says.

Information that SIE provided to the Maine Attorney General reveals that the attackers accessed individuals’ Social Security numbers (SSNs). A total of 6,791 people were impacted by the Cl0p attacks.

Losing SSNs poses significant risks, as impersonators can use stolen data in tandem with names and driver’s license numbers for identity theft.

However, the company said that it will provide people affected by the breach with complimentary credit monitoring and identity restoration services. People whom the attack may have impacted are advised to stay vigilant and review and monitor account statements and credit history.

SIE is a multinational video game and digital entertainment company headquartered in California, USA. It was created in 2016 after a merger between Sony Computer Entertainment and Sony Network Entertainment International. In 2022, SIE enjoyed revenue exceeding $26 billion and employed over 12,000 people.

In late September, attackers said they compromised the systems of Sony Group Corporation. At the time, the company told Cybernews it was “investigating the situation.”

MOVEit Transfer attacks

Earlier this year, Cl0p exploited a now-patched zero-day bug in MOVEit Transfer software, allowing attackers to access and download the stored data. According to Progress Software, it disclosed the vulnerability on May 31 and deployed a patch the same day.

Cl0p goes by a few different names. People in the cyber industry know the syndicate as TA505, Lace Tempest, Dungeon Spider, and FIN11. The gang is quite old, having been first observed back in 2019.

Earlier this summer, Cybernews received evidence that one of the Cl0p ransomware strain developers was in the city of Kramatorsk in Eastern Ukraine, on the front line of the Russia-Ukraine war.

Recent reports on how the gang distributes stolen data indicate that the cybercrooks employ virtual private server (VPS) hosting services, with servers physically located in Russia’s two largest cities: Moscow and Saint Petersburg.

Numerous well-known organizations have had their clients exposed in the MOVEit attacks. For example, TD Ameritrade, a US stockbroker, reported that over 60,000 of its clients were exposed, with Cl0p taking the financial account data of some.

Other named victims include American Airlines, TJX off-price department stores, TomTom, Pioneer Electronics, Autozone, Johns Hopkins University and Health System, Warner Bros Discovery, AMC Theatres, Choice Hotels’ Radisson Americas chain, and Crowe accounting advisory firm.