Thursday, Sony Interactive Entertainment acknowledged a massive data breach that saw thousands of PlayStation employees have their personal data leaked onto the internet.

First reported by BleepingComputer, Sony has undergone a cyberattack that exposed the personal information of thousands of employees via a MOVEit file transfer platform used by SIE employees. The platform is developed by third-party IT software developer, Progress Software, and the breach was solely on the employees that utilized the MOVEit software, with all other systems left unimpacted. This is completely unrelated to the latest LAPSUS$ attack unearthed back on September 25.

Progress Software revealed a ‘vulnerability’ in their systems on May 31, 2023, but by then, an ‘unauthorized actor’ had already gotten into sensitive data three days prior. The cyberattack was reported to have “6,791” victims from the Sony and PlayStation employee sample size, which is massive considering SIE reports they have just above 12,000 employees, but the SIE LinkedIn shows 8,986. Either way, the data breach has affected a massive percentage of SIE employees, ranging from 56% to a whopping 75% of employees hit by the breach.

A redacted copy of the Sony Interactive Entertainment email sent to employees to inform them about the data breach says, “On June 2, 2023, SIE discovered the unauthorized downloads, immediately took the platform offline and remediated the vulnerability.” Sony and PlayStation then detail how affected employees can use a complimentary “identity restoration” service to monitor future data breach threats from Equifax Complete Premier. A copy of the email can be found here, and those affected should use these services soon, as the deadline for victims of the data breach to fill out the paperwork is February 24, 2024.

It’s also worth mentioning internet watchdog X account (formerly Twitter) FalconFeedsio posted Sony as a ‘victim’ of ransomware group CL0P back on June 22 as well, and that tweet can be seen below. The warning reads “The company doesn’t care about its customers, it ignored their security!!!”

Further, on September 23 cyberdaily.au reported a cyber security attack on Sony and PlayStation from a relatively new ransomware group called Ransomed.vc, complete with proof of their hacking attempts. Sony is aware and is investigating that separate situation.

While the hack is still a developing situation, besides the internal email released to affected employees, Sony and PlayStation have not notified the public directly regarding the cyberattack, and regular Sony customers have not been affected by the data breach as of this post. CGMagazine will keep fans notified if a development is made.