Asahi has finally done the sums on September’s ransomware attack in Japan, conceding the crooks may have helped themselves to personal data tied to almost 2 million people.
Back on September 29, Asahi disclosed a “system failure caused by a cyberattack” that knocked out ordering, shipping, and call center systems across its Japanese operations. Days later, the attack was claimed by the Qilin ransomware crew, which reckons it stole some 27 GB of internal files – including employee records, contracts, financial documents, and other sensitive assets.
Fast forward to November 27, Asahi has finally posted a full breakdown of who and what might be affected. The tally includes 1.525 million people who contacted its customer service centers, 114,000 external contacts who received condolence or congratulatory telegrams, 107,000 current or former employees, and 168,000 of their family members. The exposed data includes names, addresses, phone numbers, email addresses, and in some cases date of birth and gender – but credit card information is not on the list.
Asahi notes that the exposed data was limited to systems managed in Japan, and none has yet been published. The company also pledges to notify individuals whose data is confirmed to have been compromised – but with nearly two million people in scope, that’s a mammoth mailing list.
In its latest update, Asahi said attackers entered via compromised network equipment at a Group datacenter facility in Japan and deployed ransomware on the same day, encrypting data on multiple live servers and some connected PCs.
[…]
Source: Asahi admits ransomware may have spilled data on 2M people • The Register
The dangers of collecting too much data
Robin Edgar
Organisational Structures | Technology and Science | Military, IT and Lifestyle consultancy | Social, Broadcast & Cross Media | Flying aircraft