Posted on November 30, 2021 at 5:47 PM
Japanese multinational conglomerate Panasonic has confirmed a data breach after an unauthorized third party had access to its network.
The electronics giant, in a press release, stated that an investigation into the hacking incident has already begun. It also noted that the threat actor allegedly had access to one of its file servers and its stored data during the hacking incident.
Panasonic Has Launched An Investigation Into The Breach
The company reported the issue to relevant authorities after detecting the breach. It has also implemented security countermeasures to curtail the overall impact of the attack and prevent future intrusions.
However, Panasonic didn’t mention any further details of the intrusion, opting to let security researchers and law enforcement authorities do their job without interruption.
Panasonic commented on the first discovery of the data breach on November 11. According to the report, the threat actors infiltrated the server and stole stored information, including the technical details of Panasonic’s business partners.
Apart from carrying out its investigation, the electronics giant has consulted with a specialist third-party organization for more investigation into the breach. The company wants to find out the extent of the leak and how it has impacted customers. Panasonic wants to know whether the infiltration led to the exposure of customer information related to social infrastructure.
The report also noted that the hacker or third party may have accessed sensitive data in Panasonic’s storage data. These include the firm’s domestic operation files, employees’ info, as well as some personal details about the customers.
Despite the reports, Panasonic has neither denied nor confirmed the heft of sensitive information from the company’s server. It has only spoken about the attack in interviews and press releases.
The company also noted that it cannot deny the possibility of a serious incident but cannot say for sure whether it will have an impact on its business performance.
The Breach Was Discovered Months After The Attack
While there were reports that the threat actors have had initial access to the server, the company was able to discover the breach several months after the alleged attack. This makes it more difficult to ascertain exactly the type and level of data that has been breached since the first intuition took place.
Panasonic said it discovered the hacking incident after detecting irregular network traffic. The firm immediately reported the infringement and has partnered with cybersecurity firms and law enforcement to implement security countermeasures. The measures include the prevention of external access to the company’s network.
According to Japanese outlets, NHK and Mainichi, the infiltration began on June 22 and ended on November 3.
Panasonic Still Faces Issues Despite Security Improvements
Earlier this year, Panasonic entered into a deal with McAfee for the development of vehicle security operations that can help the firm cushion the impact of future cyber attacks.
According to the deal, both companies will be creating a SOC to “commercialize vehicle security monitoring services” for early threat detection and response.
This is not the first time Panasonic has threaded into vehicle-based cybersecurity. It has earlier launched an automotive intrusion detection system that can be mounted on a car. The system scans for any signal of suspicious cyberattack attempts. Once the data has been scanned, it is transmitted to the SOC and event system for potential threat analysis. However, it seems the aim of the deal was defeated following the latest discovery of an attack on its server.
Last November, Panasonic India announced that it was hit by a ransomware attack by Russian-speaking threat actors. At the time, the company said the threat actors requested $500,000 as ransom to prevent the release of the stolen data to the public.
However, the hackers later released about 4GB of the data, which contains details about the company’s dealings with suppliers information on software systems, a list of internal passwords, as well as bank account numbers.
Threat actors are now using different strategies to infiltrate company servers and steal data. Many of the hackers are taking advantage of the poor level of insecurity from users, and in some cases companies, to infiltrate their systems and steal sensitive details.
Credential stuffing attacks have proven to be one of the biggest threats in cyberspace. But the recent attack on Panasonic has all the ingredients of a ransomware attack, although no threat actor has come out to claim responsibility for the attack. In a lot of cases, the hackers contact the company directly, threatening to release the details of the stolen data if a ransom is not paid.