Originally published on: https://threatpost.com/panasonic-data-breach-questions/176660/
Cyberattackers had unfettered access to the technology giant’s file server for four months.
Consumer electronics giant Panasonic’s data breach raises questions, researchers say – given that more than two weeks after the incident was discovered, it’s unclear if customers’ personal information has been impacted.
On Friday, Panasonic confirmed that its “network was illegally accessed by a third party on November 11, 2021,” and that “some data on a file server had been accessed during the intrusion.”
It added, “Panasonic is currently working [to] determine if the breach involved customers’ personal information and/or sensitive information related to social infrastructure.” Further details on the breach are thin, with Panasonic’s bare-bones statement offering very little in the way of technical detail or timeline. However, local reports picked up by the Record indicated that the breach had been ongoing since June, giving attackers plenty of time to knock around in the Japanese behemoth’s files.
The NHK news outlet also noted that “in addition to information about the company’s technology and business partners, personal information of employees was stored on the server….the company says that the leakage of information to the outside has not been confirmed at this time,” according to its sources [translation via Google Translate].
However, Jake Williams, co-founder and CTO at BreachQuest, speculated that the intrusion could balloon into a major incident.
“As is typical in these early-stage incident reports, there are many unknowns,” he said via email. “In this case however, there are already red flags. NHK reported that internal network monitoring was the source of the incident detection, seemingly implying that the depth of intrusion is more than a misconfigured external server…Those [misconfiguration] cases at least have localized impact because there is no threat of threat actor lateral movement deeper into the network.”
John Bambenek, principal threat hunter at Netenrich, also noted that the four-month gap between breach and detection is concerning. “While attacks on Japanese companies are continuing, the fact that the initial infection occurred in June and wasn’t detected until November demonstrates that companies are continuing to lag behind attackers,” he said via email. “Breaches need to be detected in hours, not months.”
However, Eddy Bobritsky, CEO at Minerva Labs, had a different take on the reported timeline. “Although their investigation hasn’t been completed yet, Panasonic seem to be lucky here as they were able to detect the breach relatively quickly,” he said. “According to…IBM’s ‘Cost of Data Breach 2021’ report, on average it took 287 days to identify and contain a data breach.”
The news follows a ransomware attack on Panasonic India last year, which resulted in email addresses and financial data being leaked. Also, Panasonic is just the latest in a line of attacks on Japanese companies: Info-stealing hacks in 2020 on Kawasaki, Kobe Steel and Pasco, Mitsubishi Electric and NEC formed a notable cluster of events. And, this October, a ransomware attack paralyzed Japanese tech giant Olympus.
It’s unclear yet when more details will emerge in the latest hit. “Panasonic likely has some work ahead to threat hunt in its network before fully understanding the scope of the compromise,” BreachQuest’s Williams said.
You may also be interested in: