Personal and corporate information was stolen from electronics and electrical equipment manufacturing company Mitsubishi Electric during a data breach that occurred last year.
In a notice published on Monday, the Japanese company confirmed not only that its network was breached, but also that the attackers may have accessed some personal and confidential corporate information.
The manufacturer revealed that it discovered suspicious behavior on a system on June 28 last year, and that it immediately restricted external access.
The company says its internal investigation has confirmed that “sensitive information on social infrastructure such as defense, electric power, and railways, highly confidential technical information, and important information concerning business partners” hasn’t been stolen.
The company has also revealed that the attackers were careful enough to erase their tracks, which made the compromise difficult to detect on some systems.
Mitsubishi Electric estimates that the hackers exfiltrated around 200MB of data, including employment application information on 1,987 people, employee information on 4,566 people, and information on 1,569 retired employees of affiliated companies.
Confidential technical materials, sales materials, and other trade secrets might have been leaked as well, the company reported.
The manufacturer said it started sending notices of the data breach on January 20, and it is also informing customers about the potential leak of trade secrets. Authorities have been alerted as well.
To access the company’s network, the attackers apparently targeted a vulnerability in an anti-virus product before a patch was released.
According to Japanese newspapers, the attackers gained access to the company’s systems via hijacked email accounts, after initially compromising a China-based affiliate. The hackers had apparently compromised over 120 systems at 14 locations.
Asah ..
Support the originator by clicking the read the rest link below.
