Sony Falls Victim To CLop Ransom Attack

Uploaded on 2023-10-10 in TECHNOLOGY--Hackers, NEWS-Cybersecurity News, FREE TO VIEW

The leading global technology firm Sony is not immune to cyber threats and the company has in the past faced multiple cyber-attacks, compromising millions of user data. Now, in a financial filing in the US state of Maine, Sony Interactive Entertainment has confirmed that the personal information of thousands of former and current employees was exposed as part of a cyber attack in June.

The company sent the data breach notification to about 6,800 individuals, confirming that the intrusion occurred after an unauthorised party exploited a zero-day vulnerability in the MOVEit Transfer platform.

The data breach was carried out by the Clop ransomware group and now Sony is contacting anyone affected and is offering credit monitoring and identity restoration services. In correspondence notifying affected individuals of the breach, Sony said it is "not aware of publication or misuse" of the personal details exposed during the hack.

The sensitive information was accessible through a (now-fixed) vulnerability in Sony's MOVEit file transfer platform, enabling an "unauthorised actor" to download the files containing personal information. 

Progress Software, the maker of MOVEit software, first identified the vulnerability three days after the attack, on 31st May. Sony discovered the unauthorised downloads on 2nd June and "immediately" took the platform offline. Sony then launched an investigation with external cybersecurity experts and notified law enforcement.

The Office of the Maine Attorney General has reported that 6,791 Sony people have been affected by the attack.

This is the second such data breach to affect Sony recently, following a different ransomware group, RANSOMEDVC, claimed that it had hacked Sony systems and was selling the data following the company's refusal to pay the $200k ransom demanded. 

Techmonitor:     Flashpoint:    Bleeeping Computer:   Eurogamer:   Maine.Gov.     Intl. Inst.Learning

 Hackread:      CoopWB:      Image: KD_ Buck

You Might Also Read: 

Shell Confirms Supply Chain Attack:

___________________________________________________________________________________________

If you like this website and use the comprehensive 6,500-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible

 

« Police Access To Passport Database 'risks public trust'
Ten Reasons Your Enterprise Could Benefit From XDR Security »

CyberSecurity Jobsite
Check Point
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

TÜV SÜD Academy UK

TÜV SÜD Academy UK

TÜV SÜD offers expert-led cybersecurity training to help organisations safeguard their operations and data.

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

Resecurity

Resecurity

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

Acunetix

Acunetix

Acunetix is a leading web vulnerability scanner, widely acclaimed to include the most advanced SQL injection and XSS black box scanning technology.

Green Hills Software

Green Hills Software

Green Hills Software is the largest independent vendor of embedded secure software solutions for applications including the Internet of Things.

Progress Flowmon

Progress Flowmon

Progress Flowmon (formerly Flowmon Networks) provide high performance network monitoring technology and behavior analytics to enhance network performance and deal with cyber threats.

Qufaro

Qufaro

Qufaro is a new initiative designed to make it simpler for those with career ambitions in cyber security to access the UK’s cyber-specific education and innovation opportunities.

Inseego

Inseego

Inseego provides Enterprise SaaS solutions and IoT & Mobile solutions, which together form the backbone of intelligent, reliable and secure IoT services with deep business intelligence.

Kentik

Kentik

Kentik - one platform for Network Visibility, Performance, and Security.

Cylera

Cylera

Cylera is a Healthcare IoT cybersecurity and intelligence company built in close partnership with healthcare providers.

Fudo Security

Fudo Security

Fudo Security is a leading provider of privileged access management and privileged session monitoring solutions.

Stratia Cyber

Stratia Cyber

Stratia Cyber is an independent, technology agnostic company providing high quality, pragmatic cyber security consultancy and expertise.

ACSG Corp

ACSG Corp

ACSG Corp is a Critical Infrastructure Protection Company with a multi-disciplinary focus on building analytics software for various industry sectors.

Kennedys

Kennedys

Kennedys is a global law firm with expertise in litigation/dispute resolution and advisory services, particularly in the insurance/reinsurance and liability sectors, including cyber risk.

Alethea

Alethea

Alethea is a technology company helping companies, nonprofits, and democracies protect themselves from harms stemming from disinformation and social media manipulation.

Frontier Technology Inc. (FTI)

Frontier Technology Inc. (FTI)

Frontier Technology Inc provides the technology and deep data expertise to drive the best defense and intelligence solutions.

Eleviant Tech (CTG Group)

Eleviant Tech (CTG Group)

Eleviant Tech (CTG Group) is a USA based digital transformation company with expertise in Mobile, Cloud, Web, IoT, AR, RPA, Cyberseurity and AI Technologies.

Idenhaus Consulting

Idenhaus Consulting

Idenhaus specializes in Cybersecurity and Identity Management (IAM) Consulting.

Faddom

Faddom

Faddom is an agentless tool that visualizes your on-premises and cloud infrastructure, as well as their inter-dependencies.