3rd Party Risk Management , Breach Notification , Business Continuity Management / Disaster Recovery
Japanese Electronics Giant Panasonic Discloses Data Breach
Company Implements 'Security Countermeasures,' Continues Its InvestigationStay tuned for updates on this developing story.
See Also: Gartner Market Guide for DFIR Retainer Services
Japanese multinational conglomerate Panasonic has disclosed a security breach that it says involved unnamed threat actors accessing servers on its network.
In a short statement issued on Friday, the electronics giant, headquartered in Osaka, Japan, confirmed that "its network was illegally accessed by a third party on Nov. 11, 2021. As the result of an internal investigation, it was determined that some data on a file server had been accessed during the intrusion."
The company says it reported the incident to relevant authorities and implemented "security countermeasures" - including "steps to prevent external access to the network." Panasonic has also brought on a third-party specialist to investigate what it calls a "leak," and to determine if it involved customers' personal data and/or sensitive information.
A spokesperson for Panasonic tells Information Security Media Group, "After detecting the unauthorized access, we immediately shut off the access route, reset all user credentials and strengthened access monitoring. Also, we are currently investigating whether it included consumers' personal information. ... [And] it is unclear why the servers were targeted."
In its statement on Friday, the company added: "Panasonic would like to express its sincerest apologies for any concern or inconvenience resulting from this incident."
Some security experts say this is another stark reminder that no enterprise - regardless of size - is immune from sophisticated attacks.
"Hackers gaining access to tech giant Panasonic is troubling given the amount of data such businesses hold and the ramifications if it falls into the wrong hands," says Danny Lopez, former HM consul general for the U.K.'s Foreign and Commonwealth Office, now CEO of the security firm Glasswall. "Attacks like these [again] demonstrate that a traditional castle-and-moat approach to network security leaves organizations exposed."
Incident Timeline
Although Panasonic's press release does not offer technical details on the intrusion or mitigation steps, Japanese media outlets Mainichi and NHK first reported that the illicit access to Panasonic's servers persisted between June 22 and Nov. 3, as noted by cybersecurity publication The Record. A Panasonic spokesperson has confirmed the timing with ISMG.
The threat actors reportedly gained access to customer and employee information before Panasonic picked up the abnormal network traffic, according to The Record. That subset reportedly includes customer details, employee personal information and technical files related to Panasonic's domestic operations.
"[This] Panasonic [breach] illustrates that attempts to access data stores are happening more frequently than ever," says Alex Pezold, a former information security specialist for the U.S. Department of Commerce and currently CEO of the security firm TokenEx. "Every organization must have a plan for which data to protect, and also a strategy for how to build resilience into company systems, so rebooting can happen swiftly, if needed."
Other experts agree with the assessment, noting that increasingly complex evasive techniques often buy hackers more time for lateral movement.
"This attack, much like ransomware, [is] becoming all too common," says Eddy Bobritsky, a former senior project manager for the Israeli Defense Forces. "An attacker uses evasive malware techniques to gain a foothold in the company to either steal proprietary data or encrypt or even destroy important information."
Bobritsky, who serves as CEO of the Israeli cybersecurity firm Minerva Labs, cites what is likely a sophisticated tactic against Panasonic and adds, "Although their investigation hasn't been completed yet, Panasonic seems to be lucky here, as they were able to detect the breach relatively quickly. According to the IBM Cost of Data Breach 2021 report, on average, it took 287 days to identify and contain a data breach."
Japanese Tech Targets
The Panasonic breach follows a string of other attacks on Japanese tech firms in recent years.
Late last year, Japan's Kawasaki Heavy Industries announced a breach and potential data leak after it had discovered unauthorized access to a Japanese server from overseas offices in locales including Thailand, Indonesia and the Philippines, from June to July 2020.
In January 2020, the Japanese multinational IT and electronics corporation NEC, which works closely with Japan's defense industry, confirmed that threat actors had gained unauthorized access to its internal network, including a server containing approximately 28,000 files, though it did not include personal or confidential information.
Global electric and electronic products manufacturer Mitsubishi Electric announced in early 2020 that it had been breached in June 2019, potentially exposing personal and/or corporate information.
In February 2020, Pasco Corp., a geospatial provider, and steel manufacturer Kobe Steel, which supplies submarine parts for Japan's Self-Defense Forces, announced that they had been breached in 2018 and 2015/2016, respectively, with access to internal networks and related, post-event malware infections.
Some of the high-profile cyberattacks targeting Japanese organizations have been linked to Chinese state-sponsored espionage groups, including the gang Tick, aka Bronze Butler or RedBaldNight, which has used spear-phishing and zero-day vulnerabilities to conduct cyberespionage and data theft. According to MITRE, the group primarily targets Japanese organizations - including those in government, biotechnology, electronics manufacturing, and industrial chemistry.
This story has been updated to include a statement from Panasonic.