Sony Confirms Two Security Breaches Affecting Employee Data

Sony has confirmed that it fell victim to not one but two security breaches since the end of May, adding that personal details of 6,791 individuals were compromised (via BleepingComputer).


The first breach, discovered in June, occurred when the Clop ransomware group exploited a zero-day vulnerability in the MOVEit Transfer platform, used for secure file transfers.

MOVEit’s vendor, Progress Software, alerted Sony to the vulnerability on June 2, but the breach had already occurred by May 28.

Sony notified the Office of the Maine Attorney General that all 6,791 individuals affected are either current or former employees of Sony Interactive Entertainment in the United States.

The company has already taken steps to inform each affected person about the incident, detailing the nature of the personal and sensitive information that was exposed.

To mitigate the impact of this breach, Sony is also offering each affected individual 24 months of Equifax ID WatchDog or Complete Premier credit monitoring and identity restoration services.


The second breach, previously reported last month, was claimed by a new ransomware group known as Ransomed.vc. This group asserted that they had stolen “all” of Sony’s data, but their provided sample lacked credibility.

Sony has now confirmed the occurrence of this second breach, stating:

“Sony has been investigating recent public claims of a security incident at Sony. We are working with third-party forensics experts and have identified activity on a single server located in Japan used for internal testing for the Entertainment, Technology, and Services (ET&S) business.

Sony has taken this server offline while the investigation is ongoing.”

In contrast to the significant PlayStation Network breach in 2011, this recent compromise appears to be more contained and not a direct fault of Sony.

Nevertheless, it underscores the importance of bolstering security measures, especially when using secure file transfer services, to protect employee data.
