Japanese electronic major Sony Interactive Entertainment (SIE) has sent notices to some current and former employees, warning that their personal information was compromised in a recent system breach.
Sony has sent the data breach notification to about 6,800 individuals, according to reports.
“We want to provide you with information about a cybersecurity event related to one of our IT vendors, Progress Software, that involved some of your personal information,” the company said in the notice.
This event was limited to Progress Software’s MOVEit Transfer platform and did not impact any of our other systems, Sony clarified.
According to the data breach notification, the compromise happened on May 28 and Progress Software announced a newly discovered vulnerability in its MOVEit file transfer platform, which is used by SIE and thousands of other enterprises around the world.
“On June 2, 2023, SIE discovered the unauthorised downloads, immediately took the platform offline and remediated the vulnerability. An investigation was then launched with assistance from external cybersecurity experts,” the company informed.
Sony says the incident was limited to the particular software platform and had no impact on any of its other systems. A ransomware group known as “Cl0p” had claimed responsibility for breaking into a Sony server in June. Sony also launched an investigation last month into a second breach in which hackers acquired 3.14GB of data.
“Sony has been investigating recent public claims of a security incident at Sony. We are working with third-party forensics experts and have identified activity on a single server located in Japan used for internal testing for the Entertainment, Technology and Services (ET&S) business,” a company spokesperson told BleepingComputer.
“There is currently no indication that customer or business partner data was stored on the affected server or that any other Sony systems were affected. There has been no adverse impact on Sony’s operations,” the spokesperson added.