Sony Falls Victim To Clop Ransom Attack

The leading global technology firm Sony is not immune to cyber threats, and the company has in the past faced multiple cyber-attacks that compromised the data of millions of users. Now, in a financial filing in the US state of Maine, Sony Interactive Entertainment has confirmed that the personal information of thousands of former and current employees was exposed as part of a cyber attack in June.

The company sent the data breach notification to about 6,800 individuals, confirming that the intrusion occurred after an unauthorised party exploited a zero-day vulnerability in the MOVEit Transfer platform.

The data breach was carried out by the Clop ransomware group. Sony is now contacting anyone affected and is offering credit monitoring and identity restoration services. In correspondence notifying affected individuals of the breach, Sony said it is "not aware of publication or misuse" of the personal details exposed during the hack.

The sensitive information was accessible through a (now-fixed) vulnerability in Sony's MOVEit file transfer platform, enabling an "unauthorised actor" to download the files containing personal information. 

Progress Software, the maker of MOVEit software, first identified the vulnerability three days after the attack, on 31st May. Sony discovered the unauthorised downloads on 2nd June and "immediately" took the platform offline. Sony then launched an investigation with external cybersecurity experts and notified law enforcement.

The Office of the Maine Attorney General has reported that 6,791 people associated with Sony have been affected by the attack.

This is the second such data breach to affect Sony recently. It follows a claim by a different ransomware group, RANSOMEDVC, that it had hacked Sony systems and was selling the data following the company's refusal to pay the $200k ransom demanded.

Sources: Techmonitor, Flashpoint, Bleeping Computer, Eurogamer, Maine.Gov, Intl. Inst. Learning, Hackread, CoopWB

Image: KD_ Buck
