Sony has started notifying the personnel affected by the recent data breaches as we're now just getting an idea of how much data a ransomware group accessed.
According to a new report by Bleeping Computer, the company has informed current and former employees of the Sony Interactive Entertainment division after an unauthorized actor accessed the company's systems. There are 6,781 individuals affected by the recent security breach as recorded by the Office of the Maine Attorney General.
The unauthorized access was due to a vulnerability in MOVEit Transfer, a file-management transfer software being used by Sony and many other companies. CL0P, a ransomware group, claimed responsibility for the data breach. The group reportedly used an exploit in MOvEit's vendor Progress Software, allowing the hackers to steal data from the databases.
"Sony has been investigating recent public claims of a security incident at Sony. We are working with third-party forensics experts and have identified activity on a single server located in Japan used for internal testing for the Entertainment, Technology, and Services (ET&S) business," a spokesperson for Sony Corporation said to IGN. "Sony has taken this server offline while the investigation is ongoing. There is currently no indication that customer or business partner data was stored on the affected server or that any other Sony systems were affected. There has been no adverse impact on Sony operations."
