Insomniac Games Warns Employees Impacted by Devastating Ransomware Data Breach

A Ransomware Nightmare for Insomniac Games

Remember that ransomware attack on Insomniac Games back in November? Well, it has come back to haunt them, and it’s not looking good. The Rhysida ransomware attack resulted in the loss of employees’ personal information and the release of sensitive documents online. As a Sony subsidiary, Insomniac Games is now sending data breach notification letters to those affected.

For those unaware, Insomniac Games is a California-based video game developer and has been part of Sony Interactive Entertainment’s Worldwide Studios division (now known as PlayStation Studios) since August 2019. They’re responsible for Marvel’s Spider-Man 2 and are currently working on Marvel’s Wolverine.

After the attack, Sony investigated the Rhysida ransomware gang’s claims that they breached Insomniac Games and stole over 1.3 million files from its network. When the game studio refused to pay the $2 million ransom, Rhysida decided to dump 1.67 TB of documents on its dark web leak site.

Insomniac Games expressed their disappointment and anger in a statement published on Twitter after the leak. They acknowledged that the stolen data includes personal information belonging to their employees, former employees, and independent contractors.

The leaked files consist of ID scans, internal documents, contract information, licensing agreements with Marvel and Nvidia, and even screenshots of Insomniac Games’ upcoming Wolverine game. According to Rhysida, they’ve only leaked 98% of the files they stole, selling the rest to the highest bidder.

Damage Control: Notifying Affected Employees

Now, Insomniac Games is contacting employees whose data was stolen between November 25 and November 26 and later leaked on the Rhysida ransomware group’s leak site. In the breach notification letter, the company explains that they store and maintain files containing employment information, including personal information about their employees. Unfortunately, these files were downloaded by an unauthorized actor and released online.

Insomniac and Sony are now extending the ID Watchdog services offered as part of their employee benefits package with two additional years of complimentary credit monitoring and identity restoration beyond the current enrollment period. They have also set up a dedicated call center to answer any questions affected employees may have about the November ransomware attack.

As of now, it’s unclear how many individuals were affected by this data breach and what personal information was leaked online. A Sony spokesperson was not immediately available for comment when we reached out for more information.

The Rhysida ransomware-as-a-service (RaaS) operation surfaced in May 2023 and quickly gained notoriety after breaching the Chilean Army (Ejército de Chile) and the British Library. While the U.S. Department of Health and Human Services (HHS) linked the Rhysida gang in August to multiple attacks against U.S. healthcare organizations, a joint advisory issued by CISA and the FBI warned of the group’s opportunistic attacks targeting organizations across multiple industry sectors.

Don’t Let This Happen to You: Stay Informed and Protected

This ransomware attack on Insomniac Games is a harsh reminder that no one is immune to cyber threats. As an IT Services company, we’re dedicated to helping you stay informed and protected against such attacks. Keep coming back to our site for more information on cybersecurity and reach out to us with any questions or concerns you may have. Together, we can work to prevent these kinds of nightmares from becoming a reality.