Just a few weeks ago, we covered a supposed breach of Sony’s systems, whereby ransomware hackers claimed they had “compromissed [sic] all of sony [sic] systems.” Sony didn’t seem particularly perturbed, however, presumably owing to the fact that the breach seemed like some random files off a dead FTP server in Japan, not at all a major hacking of systems or corporate data.
However, this week’s breach – which actually happened back in May and is just now coming to light – was a bit more serious. Bleeping Computer, which first reported the incident, publicized a letter sent by Sony to former employees and relatives of workers on Tuesday, informing them that a breach of its third-party FTP system earlier this year exposed “personal information” of those workers and their families – 6791 of them. The exact information is blanked out for the published letter, of course, but it’s fairly short, suggesting the hackers didn’t get much more than a name or password.
The company claims it learned about the breach in early June, but it’s only just now getting around to admitting the vulnerability. Sony offered credit monitoring and identity restoration services to everyone affected, though it does say it is “not aware of publication or misuse of [this particular worker’s] personal information,” and it does make clear that an “unauthorized actor” did indeed download the files.
Kotaku has an update for that earlier hack, however: It did really happen, and it involved a server relating to the company’s non-gaming divisions – but not any “customer or business partner data.”
