Electronics giant Panasonic’s data breach raises questions, researchers say – given that more than 2 weeks after the incident was discovered, it is unclear if customers’ personal information has been impacted.
Cyber-attackers had access to their file server for 4 months.
On Fri., Panasonic confirmed that its “network was illegally accessed by a 3rd party on Nov. 11, 2021,” & that “some data on a file server had been accessed during the intrusion.”
It added, “Panasonic is currently working to determine if the breach involved customers’ personal information and/or sensitive information related to social infrastructure.”
Further details on the breach are limited, with Panasonic’s statement offering very little in the way of technical detail or timeline. However, local reports picked up by the Record indicated that the breach had been ongoing since June, giving attackers plenty of time to look inside the Japanese company’s files.
Stored on the Server
The NHK news outlet also noted that “in addition to information about the company’s technology & business partners, personal information of employees was stored on the server….the company says that the leakage of information to the outside has not been confirmed at this time,” according to its sources.
However, Jake Williams, Co-Founder & CTO at Breach Quest, speculated that the intrusion could become a major incident.
“As is typical in these early-stage incident reports, there are many unknowns,” he stated via email.
“In this case however, there are already red flags. NHK reported that internal network monitoring was the source of the incident detection, seemingly implying that the depth of intrusion is more than a misconfigured external server
…Those misconfiguration cases at least have localised impact because there is no threat of threat actor lateral movement deeper into the network.”
John Bambenek, Principal Threat Hunter at Netenrich, also noted that the 4-month gap between breach & detection is concerning.
“While attacks on Japanese companies are continuing, the fact that the initial infection occurred in June and wasn’t detected until Nov. demonstrates that companies are continuing to lag behind attackers,” he explained. “Breaches need to be detected in hours, not months.”
However, Eddy Bobritsky, CEO at Minerva Labs, had a different take on the reported timeline.
“Although their investigation hasn’t been completed yet, Panasonic seem to be lucky here as they were able to detect the breach relatively quickly,” he outlined. “According to…IBM’s ‘Cost of Data Breach 2021’ report, on average it took 287 days to identify & contain a data breach.”
The news follows a ransomware attack on Panasonic India last year, which resulted in email addresses & financial data being leaked. Also, Panasonic is just the latest in a line of attacks on Japanese companies: Info-stealing hacks in 2020 on Kawasaki, Kobe Steel and Pasco, Mitsubishi Electric & NEC formed a notable cluster of events. And, this Oct., a ransomware attack paralysed Japanese tech giant Olympus.
It is unclear yet when more details will emerge. “Panasonic likely has some work ahead to threat hunt in its network before fully understanding the scope of the compromise,” Breach Quest’s Williams concluded.