Kawasaki Heavy Industries Ltd, a multinational corporation mostly known for motorcycle, engine, and aerospace/defense manufacturing, was hit with a data breach. The breach shows that multiple overseas offices were subject to “unauthorized access”. Kawasaki confirms in a news release entitled “Concerning Unauthorized Access to Kawasaki Group” that the threat is suspected to be from outside the company, rather than an inside risk.
The overseas sites affected are located in Thailand, Indonesia, the Phillippines, and the United States. The first breach was found June 11th, when an internal system audit showed a server connection to Japan from their Thailand office – a connection that “should not have occurred.” Previously terminated network communication between the Japan site and the overseas sites was restored on November 30th.
Kawasaki acknowledges the length of time it took to report, as it took until December 28th to notify the public of the data leak. “Due to the fact that the scope of unauthorized access spanned multiple domestic and overseas offices, it took a considerable amount of time until the company can formally announce the incident,” they wrote in their news release. “We sincerely apologize for this delay and for the inconvenience and concern to customers and other related parties.”
Kawasaki continues by laying out the impact of the breach, acknowledging the possibility that personal information may have been leaked to a third party while adding that there has been no concrete evidence to suggest that it has happened. The company is working with an independent external security specialist firm to investigate the issue further and mitigate the risk. They are also continuing to monitor their network communications, as well as contacting customers who may have been affected by the data breach.
Kawasaki ends the news by assuring readers that the Cyber Security Group they established on November first will “continue[e] to tighten monitoring and access control in communication networks between our overseas offices and domestic offices,” as well as “strengthen security measures, analyzing the latest unauthorized access methods, to prevent recurrence.”