Employees whose personal information was stolen and leaked online in the wake of a Rhysida ransomware attack are receiving data breach notification letters from Sony subsidiary Insomniac Games.
After being purchased by Sony in August 2019, the California-based video game developer was a part of Sony Interactive Entertainment’s Worldwide Studios division ( now known as PlayStation Studios ).
Marvel’s Spider-Man 2, which was released for the PlayStation 5, is the most recent game the gaming studio has produced, and Wolverine is currently being developed for that same platform.
Sony announced in December that it was looking into the allegations made by the Rhysida ransomware gang that they had stolen more than 1.3 million files from Insomniac Games.
Rhysida dumped 1, 67 TB of documents on its dark web leak site after negotiations broke down when the game studio refused to pay the$ 2 million ransom.
In a statement released on Twitter following the leak, the studio expressed its sadness and rage over the recent criminal cyberattack on its studio and the emotional toll it has placed on our dev team.
” We are aware that personal information from our employees, former workers, and independent contractors is among the stolen data.”
Numerous ID scans, internal documents, including license agreements and contract details with Marvel and Nvidia, as well as screenshots of the upcoming Wolverine game from Insomniac Games, are among the leaked files.
Only 98 % of the files that the threat actors stole from the studio—as claimed on Rhysida’s website—were leaked after the remaining files were sold to the highest bidder.
Employees whose data was stolen between November 25 and November 26 and later leaked on the Rhysida ransomware group’s leak site are now being informed by Insomniac Games.
” As you are aware, we maintain and store files that contain information about your employment, including your personal information.” Unfortunately, according to the breach notification letter, an unauthorized actor downloaded these files and made them available online.
” We started analyzing the downloaded files after Insomniac identified them to find out what kinds of personal information were impacted and to whom it relates.” Although we worked quickly, we wanted to give you accurate information because this was a time-consuming process.
Beyond the current enrollment period, Insomniac and Sony are adding two more years of free credit monitoring and identity restoration to the ID Watchdog services already provided as part of their employee benefits package.
Additionally, the business has a dedicated call center available to respond to any queries about the ransomware attack in November that affected employees may have.
When BleepingComputer contacted a Sony spokesperson earlier today to get more information on how many people were impacted by this data breach and what personal information was leaked online, the spokesperson was not immediately available for comment.
After breaching the Chilean Army ( Ejército de Chile ) and the British Library, the Rhysida  ( RaaS ) operation, which debuted in May 2023, quickly gained notoriety.
A joint advisory from CISA and the FBI forewarned of the Rhysida gang’s opportunistic attacks targeting organizations across numerous industry sectors, while the U.S. Department of Health and Human Services ( HHS) and linked andnbsp repeatedly attacked American healthcare organizations.