A cybersecurity breach exposing personal data has been reported to current and past workers of Sony Interactive Entertainment (Sony) as well as their families.

About 6,800 people received notice of the data breach from the business, which confirmed that the attack happened as a result of an unauthorized entity taking advantage of a zero-day vulnerability in the MOVEit Transfer platform.

The zero-day is CVE-2023-34362, a critical-severity SQL injection vulnerability that allows for remote code execution. The Clop ransomware used this vulnerability in widespread assaults that breached several businesses worldwide.

Sony Group was added to the list of victims by the Clop ransomware group in late June. But until today, the company hasn’t released a statement to the public.