Sony reports MOVEit related data breach

Sony Interactive Entertainment (Sony) has officially reported a data breach exposing both current and former employees and their family members.

This breach was caused by an unauthorized party exploiting a zero-day vulnerability, in the MOVEit Transfer platform.

Upon discovery of the vulnerability at the end of May, Sony took the platform offline, remediated the vulnerability, launched an investigation with assistance from external cybersecurity experts, and informed law enforcement.

The incident was limited to the particular software platform and did not impact any other Sony systems.

The breach exposed sensitive information of 6,791 individuals in the U.S., with Sony offering them credit monitoring and identity restoration services through Equifax. No details are available about the exposed data in the breach.

This breach is separate from another security breach where threat actors obtained a dataset containing details related to the SonarQube platform, certificates, Creators Cloud, incident response policies, and more.