Q1 ebook

Insomniac Reports Data Breach Involving Employee Information, Game Development Details

Sony building

Sony-owned video-game studio Insomniac released a statement Friday (Dec. 22) about a data breach that became known earlier this month.

“We’re both saddened and angered about the recent criminal cyberattack on our studio and the emotional toll it’s taken on our dev team,” the company said in a post on X. “We have focused inwardly for the last several days to support each other.”

The data stolen in the cyberattack includes personal information belonging to Insomniac’s current employees, former employees and independent contractors, according to the post. It also includes early development details about a game the company is currently working on, Marvel’s Wolverine for PlayStation 5.

“We continue working quickly to determine what data was impacted,” Insomniac said in the post.

Insomniac detected the breach earlier in December and took immediate action by shutting down internal services like email and Slack to contain the situation, Bloomberg reported Friday.

The data breach was orchestrated by a group of ransomware hackers known as Rhysida, who gained unauthorized access to the company’s servers and said they would sell the data for $2 million in bitcoin, according to the report.

The hackers subsequently released 1.7 terabytes of data, which included both personal employee information and footage from upcoming games, the report said.

Adding to the distress caused by the data breach, a set of leaked slides revealed that Insomniac CEO Ted Price was resisting pressure from Sony to cut 50 to 75 jobs from the studio as part of a company-wide cost-cutting initiative, per the report. Rumors of impending layoffs at Insomniac had already been circulating among employees for months.

A meeting initially scheduled to address the potential layoffs on Thursday (Dec. 21) was rescheduled for after the holidays, leaving employees in a state of uncertainty, according to the report.

This data breach comes on the heels of several other such incidents. These include Comcast saying on Monday (Dec. 18) that hackers stole personal data from millions of customers, Kentucky-based Norton Healthcare confirming on Dec. 11 that hackers accessed the personal data of millions of patients and employees in May, and Samsung disclosing in November that a year-long breach spanning 2019 and 2020 resulted in unauthorized access to the personal data of customers who made purchases at its U.K. store.