Insomniac Games breach is a serious blow to Sony's industry standing, experts warn


Hackers from the Rhysida ransomware group have released 1.3 million files of content from Sony-owned Insomniac Games in what security experts have dubbed a highly damaging incident for the firm's industry standing. 

The data, 1.67TB in total, is believed to include private employee data and internal company emails, including bank account details, credit card account numbers, contractor and HR personnel files, along with internal files on executives and board members.

Also stolen were game road maps, budgets, and information about upcoming games.

Erfan Shadabi, cyber security expert at Comforte AG, said sensitive information leaked in the breach could offer competitors valuable insights into the company’s future strategy, and that the incident marks a significant blow for the firm.

"The breach exposes sensitive information, including game roadmaps and budgets, with potential consequences for Sony's operational integrity and industry standing," he said.

"The leaked data, valuable to competitors, could be exploited for strategic advantage or used for malicious purposes such as the development of malware."

The Rhysida ransomware group claimed responsibility for the hack earlier this month, threatening at the time to sell the “exclusive, unique, and impressive” data at auction, with a starting price of 50 Bitcoin, equivalent to just over $2 million.

Following the close of this auction, data not yet sold by the group was leaked, with Rhysida posting an update to its dark web site stating “not sold data was uploaded, data hunters, enjoy!”.

This incident marks the second major attack by Rhysida in the space of three months. The group is also believed to have been behind the recent cyber attack on the British Library, after which it auctioned the data with a starting price of 20 Bitcoin and a closing date of November 27.




In November, the FBI issued a joint Cybersecurity Advisory on the group, warning it had been deploying its ransomware against the education, healthcare, manufacturing, information technology, and government sectors since May 2023.

The group is believed to have been responsible for attacks on government bodies in Portugal, Chile, and Kuwait, and also claimed responsibility for an attack on the US hospital group Prospect Medical Holdings in August.

Its attacks are generally carried out by exploiting known vulnerabilities such as ZeroLogon, and then using phishing techniques to gain the necessary credentials to authenticate to internal VPN access points that lack MFA by default.

Javvad Malik, lead security awareness advocate at KnowBe4, said that while efforts are being made to combat the group’s activities, more can be done to mitigate the threat posed by both Rhysida and other sophisticated ransomware groups.

"Knowledge sharing and government-industry collaboration are critical in responding to these threats," he said.

"It's no longer enough to just protect the perimeter; the key is resilience and a comprehensive security strategy that includes preparation for the 'what if?' — because the 'what if?' is occurring with increasing frequency."

ITPro has approached Sony for comment.

Emma Woollacott

Emma Woollacott is a freelance journalist writing for publications including the BBC, Private Eye, Forbes, Raconteur and specialist technology titles.