Sony confirms cyber-attack exposed details of nearly 7000 current and former employees

Sony Interactive Entertainment has confirmed the personal information of 6,791 former and current employees was exposed as part of a cyber-attack in June.

The data breach was carried out by the Clop ransomware group, Bleeping Computer reports. Sony is now contacting anyone affected and is offering credit monitoring and identity restoration services.

In correspondence notifying affected individuals of the breach, Sony said it is "not aware of publication or misuse" of the personal details exposed during the hack.

The sensitive information was accessible through a (now-fixed) vulnerability in Sony's MOVEit file transfer platform, enabling an "unauthorised actor" to download the files containing personal information. MOVEit developer Progress Software flagged the vulnerability three days after the attack, on 31st May.

Sony discovered the unauthorised downloads on 2nd June and "immediately" took the plaform offline. The company launched an investigation with external cybersecurity experts and notified law enforcement, it said.

6,791 people have been affected, as recorded by the Office of the Maine Attorney General.

This is the second data breach that's come to light for Sony recently. Last month, a different ransomware group claimed it had hacked all of Sony's systems and was selling the data following the company's refusal to pay. At the time, Sony did not respond to Eurogamer's request for comment but told other publications it was "currently investigating".

Two days after breaking the news, Cyber Security Connect reported another person came forward claiming to have hacked Sony, and leaked credentials for some of Sony's internal systems.