[BreachExchange] Mitsubishi Electric Discloses Information Leak

Destry Winant destry at riskbasedsecurity.com
Tue Jan 21 09:52:24 EST 2020


https://www.infosecurity-magazine.com/news/mitsubishi-electric-discloses/

Japanese company Mitsubishi Electric has today disclosed an
information leak that occurred over six months ago.

The century-old electronics and electrical equipment manufacturing
firm announced the breach by issuing a brief statement on its website.

An official internal investigation was launched after suspicious
activity was observed taking place on June 28, 2019. The company said
that upon noting the unusual behavior on the network, measures were
immediately taken to restrict external access.

According to Nippon.com, hackers accessed servers and computers at
Mitsubishi headquarters and other offices belonging to the company in
a large-scale cyber-attack.

Mitsubishi said: "We have confirmed that our network may have been
subject to unauthorized access by third parties and that personal
information and corporate confidential information may have been
leaked to the outside."

Mitsubishi announced the breach today after it was reported by two
newspapers, the Asahi Shimbun and Nikkei. A theory put forward by both
local papers is that the attack was initiated by a cyber-espionage
group with links to the People's Republic of China.

While Nikkei reported that hackers swiped 200 MB of information from
Mitsubishi, the manufacturer claims that its investigation of the
incident uncovered no evidence that any sensitive data connected to
its business partners or government defense contracts had been stolen
or misused.

In a statement no doubt intended to reassure Mitsubishi's corporate
parents, the company wrote: "As a result of an internal investigation,
it has been confirmed that sensitive information on social
infrastructure such as defense, electric power, and railways, highly
confidential technical information, and important information
concerning business partners has not been leaked."

When announcing the incident, Mitsubishi didn't explain why it had
waited so long after discovering the breach to go public with the
news. However, the inclusion of the comment "to date, no damage or
impact related to this matter has been confirmed" could imply that the
company chose to hold back information until it had a clear idea of
what the effects of the breach might be.

Japan's chief cabinet secretary Yoshihide Suga said the government had
been informed of the cybersecurity breach and that there was no leak
of information related to defense equipment or to the electric power
sector.


More information about the BreachExchange mailing list