Sony subsidiary Insomniac Games is sending data breach notification letters to employees whose personal information was stolen and leaked online following a Rhysida ransomware attack in November.
The California-based video game developer has been part of Sony Interactive Entertainment's Worldwide Studios division (now known as PlayStation Studios) after being acquired by Sony
in August 2019.
The gaming studio's most recent project is Marvel's Spider-Man 2, released for PlayStation 5, and is currently working on Marvel's Wolverine for the same platform.
In December, Sony said they were
investigating the Rhysida ransomware gang's claims that they breached Insomniac Games and stole over 1.3 million files from its network.
After negotiations failed when the game studio refused to pay the $2 million ransom, Rhysida dumped 1,67 TB of documents on its dark web leak site.
"We are saddened and angered about the recent criminal cyberattack on our studio and the emotional toll it's taken on our dev team," the studio
said in a statement published on Twitter after the leak.
"We are aware that the stolen data includes personal information belonging to our employees, former employees, and independent contractors."
The leaked files include many ID scans and internal documents, such as contract information and licensing agreements with Marvel and Nvidia, as well as screenshots of Insomniac Games' upcoming Wolverine game.
As claimed on Rhysida's site, the threat actors have only leaked 98% of the files they stole from the studio after selling the rest to the highest bidder.
