{
	"id": "c0ed44a8-e131-4a49-838a-3dc185870924",
	"created_at": "2026-04-06T00:21:15.277194Z",
	"updated_at": "2026-04-10T03:21:10.589259Z",
	"deleted_at": null,
	"sha1_hash": "a6bbd1d509e649d8e3cfa9d1159c557e95fce76b",
	"title": "Sony confirms data breach impacting thousands in the U.S.",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 1366731,
	"plain_text": "Sony confirms data breach impacting thousands in the U.S.\r\nBy Bill Toulas\r\nPublished: 2023-10-04 · Archived: 2026-04-05 22:47:13 UTC\r\nSony Interactive Entertainment (Sony) has notified current and former employees and their family members about a\r\ncybersecurity breach that exposed personal information.\r\nThe company sent the data breach notification to about 6,800 individuals, confirming that the intrusion occurred after an\r\nunauthorized party exploited a zero-day vulnerability in the MOVEit Transfer platform.\r\nThe zero-day is CVE-2023-34362, a critical-severity SQL injection flaw that leads to remote code execution, leveraged by\r\nthe Clop ransomware in large-scale attacks that compromised numerous organizations across the world.\r\nhttps://www.bleepingcomputer.com/news/security/sony-confirms-data-breach-impacting-thousands-in-the-us/\r\nPage 1 of 5\n\n0:00\r\nhttps://www.bleepingcomputer.com/news/security/sony-confirms-data-breach-impacting-thousands-in-the-us/\r\nPage 2 of 5\n\nVisit Advertiser websiteGO TO PAGE\r\nClop ransomware gang added Sony Group to its list of victims in late June. However, the firm did not provide a public\r\nstatement until now.\r\nhttps://www.bleepingcomputer.com/news/security/sony-confirms-data-breach-impacting-thousands-in-the-us/\r\nPage 3 of 5\n\nAccording to the data breach notification, the compromise happened on May 28, three days before Sony learned\r\nfrom Progress Software (the MOVEit vendor) about the flaw, but it was discovered in early June.\r\n“On June 2, 2023, [we] discovered the unauthorized downloads, immediately took the platform offline, and remediated the\r\nvulnerability,” reads the notice.\r\n“An investigation was then launched with assistance from external cybersecurity experts. We also notified law\r\nenforcement,” Sony says in the data breach notification.\r\nSony says the incident was limited to the particular software platform and had no impact on any of its other systems.\r\nStill, sensitive information belonging to 6,791 people in the U.S. was compromised. The firm has individually determined\r\nthe exposed details and listed them in each individual letter, but it is censored in the notification sample submitted to the\r\nOffice of the Maine Attorney General.\r\nThe notification recipients are now offered credit monitoring and identity restoration services through Equifax, which they\r\ncan access by using their unique code until February 29, 2024.\r\nSony’s more recent breach\r\nLate last month, following allegations on hacking forums that Sony had been breached again and 3.14 GB of data had been\r\nstolen from the company’s systems, the firm responded by saying it was investigating the claims.\r\nThe leaked dataset that at least two separate threat actors held, contained details for the SonarQube platform, certificates,\r\nCreators Cloud, incident response policies, a device emulator for generating licenses, and more.\r\nA Sony spokesperson shared with BleepingComputer the statement below, which confirms a limited security breach:\r\nSony has been investigating recent public claims of a security incident at Sony. We are working with third-party\r\nforensics experts and have identified activity on a single server located in Japan used for internal testing for the\r\nEntertainment, Technology and Services (ET\u0026S) business.\r\nSony has taken this server offline while the investigation is ongoing. There is currently no indication that\r\ncustomer or business partner data was stored on the affected server or that any other Sony systems were affected.\r\nThere has been no adverse impact on Sony's operations.\r\nThis confirms that Sony has suffered two security breaches in the past four months.\r\nhttps://www.bleepingcomputer.com/news/security/sony-confirms-data-breach-impacting-thousands-in-the-us/\r\nPage 4 of 5\n\nAutomated Pentesting Covers Only 1 of 6 Surfaces.\r\nAutomated pentesting proves the path exists. BAS proves whether your controls stop it. Most teams run one without the\r\nother.\r\nThis whitepaper maps six validation surfaces, shows where coverage ends, and provides practitioners with three diagnostic\r\nquestions for any tool evaluation.\r\nSource: https://www.bleepingcomputer.com/news/security/sony-confirms-data-breach-impacting-thousands-in-the-us/\r\nhttps://www.bleepingcomputer.com/news/security/sony-confirms-data-breach-impacting-thousands-in-the-us/\r\nPage 5 of 5",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"ETDA"
	],
	"references": [
		"https://www.bleepingcomputer.com/news/security/sony-confirms-data-breach-impacting-thousands-in-the-us/"
	],
	"report_names": [
		"sony-confirms-data-breach-impacting-thousands-in-the-us"
	],
	"threat_actors": [],
	"ts_created_at": 1775434875,
	"ts_updated_at": 1775791270,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/a6bbd1d509e649d8e3cfa9d1159c557e95fce76b.pdf",
		"text": "https://archive.orkl.eu/a6bbd1d509e649d8e3cfa9d1159c557e95fce76b.txt",
		"img": "https://archive.orkl.eu/a6bbd1d509e649d8e3cfa9d1159c557e95fce76b.jpg"
	}
}