A recent attack on tech manufacturing firm Panasonic saw its dedicated network subject to a cyberattack and the data it stores illegally accessed by a threat operator.

A spokesperson for the technology firm has now announced that the attack took place some time ago, in the first half of November.

Confirmation of an attack

In a statement to the press and public last week, the Japanese tech giant commented that it was the victim of a cyberattack on November 11 and that its investigation into the incident had determined that data retained on one of its file servers had been successfully accessed in the intrusion.

The firm went on to detail the event and the actions it took to manage and mitigate its effects:

“After detecting the unauthorised access, the company immediately reported the incident to the relevant authorities and implemented security countermeasures, including steps to prevent external access to the network. In addition to conducting its own investigation, Panasonic is currently working with a specialist third-party organization to investigate the leak and determine if the breach involved customers’ personal information and/or sensitive information related to social infrastructure.”

In most countries, including the UK, when a data breach occurs, enterprises must inform the national data regulator within a limited timeframe. A breach report must be filed detailing when the attack was first discovered, when it was initiated, and what steps are being taken to handle the situation and protect any exposed personal information.

Companies are also obliged to inform data subjects whose personally identifiable information (PII) has been compromised during a cyberattack. The type of data exposed must be listed and an assessment of the risks to those involved must be offered. Additionally, data subjects must be notified of what action is being taken to protect them and what steps they should take to safeguard themselves from harm. For example, this may involve a suggested password reset or the use of credit monitoring services. In many cases, the latter will be offered freely by firms where a data breach has resulted in a risk to their customers and clients.

The length of a breach

When attacks are uncovered, an important issue is the span of a breach. Working backwards, forensic investigators will seek out the first point of penetration to assess for how many months, or even years, a system and the data stored on it has been vulnerable.

While the statement from Panasonic gave little information on the length of the breach window, Japan-based outlets NHK and Mainichi stated that the breach started on June 22.

NHK commented that the servers targeted stored information regarding both Panasonic technology and its business partners. Further reports state that staff data may also have been leaked during the attack.

It referenced the ransomware attack last year in November that involved a subsidiary of Panasonic that also resulted in a business data leak. Following the incident, Panasonic informed Mainichi that it could not yet predict how the breach would impact business performance and would not deny that it was potentially a serious event.

You wouldn’t want your customers’ data to be breached, but with our services offered here at Galaxkey this worry will be subdued. You can even start a free 14-day trial to see just how useful it is.