Hackers roamed Panasonic's internal networks for months
The company has launched an investigation into the breach, but the culprits are not yet identified.
Panasonic, a major Japanese company with over 250,000 employees, announced a third party illegally accessed its network. The breach was discovered on November 11.
“After detecting the unauthorized access, the company immediately reported the incident to the relevant authorities and implemented security countermeasures, including steps to prevent external access to the network,” Panasonic stated in a press release.
The company claims to have launched an internal investigation and to be working with a third-party organization to understand the scope and impact of the breach.
The press release claims that it’s not clear whether the breach involved customers’ personal data or any other sensitive information. Japanese media outlets Nikkei and NHK News claim that the breach lasted for over four months, from June 22 till November 3.
While the damage seems to involve only domestic Japanese networks, hackers are said to have accessed customer information, employee personal information, and Panasonic technical information.
Last November, Panasonic India was hit by a ransomware attack when Russian-speaking threat actors asked $500,000 in exchange for gigabytes of corporate data stolen from the company.
The culprits later released a 4GB data archive containing information on relations with suppliers, bank account numbers, a list of internal passwords, and information on software systems.
Since many people reuse their passwords and usernames across multiple accounts, credential stuffing attacks are the biggest threat after unauthorized access to information on passwords.
Users are generally recommended to change their passwords regularly and to use unique passwords for every account.
If you suspect that threat actors might have scraped your data, we recommend you:
- Use our personal data leak checker to find out if your data has been leaked by the threat actor.
- Beware of suspicious LinkedIn messages and connection requests from strangers.
- Change the password of your LinkedIn and email accounts.
- Consider using a password manager to create strong passwords and store them securely.
- Enable two-factor authentication (2FA) on all your online accounts.
Also, watch out for potential phishing emails and text messages. Again, don’t click on anything suspicious or respond to anyone you don’t know.
More from CyberNews
Subscribe to our newsletter