Connect with us

Hi, what are you looking for?

Hard News Hard Hitting News Source Global Political News

Cyber Security

Network cavity blamed for data breach at Japanese candy maker Morinaga

Japanese confectionary manufacturer Morinaga has warned that a suspected data breach of its online store may have exposed the personal information of more than 1.6 million customers.

Potentially exposed information includes the names, addresses, telephone numbers,
 dates of birth, purchase histories, and, in fewer than 4,000 instances, email addresses of affected Morinaga Direct customers.

The firm fears that attackers accessed several servers managed by the vendor after exploiting vulnerabilities in its network.

‘Unauthorized access’

In the English-language version of a breach notice (PDF), Morinaga at it “cannot rule out the possibility of a leak of some personal information” of affected customers of its Morinaga Direct Store e-commerce business, after “several servers managed by the company were subjected to unauthorized access”.

The firm – which apologized to its customers, business partners, and other stakeholders – stated that the exposed information excluded credit card information.

Although there’s no evidence of any fraudulent use of potentially leaked personal information, the firm has begun directly notifying potentially affected customers about the incident.

Customers who bought products from the candy maker between May 1, 2018 and March 13, 2022 may be affected.

Investigation

The problem was identified on March 13, when staff investigating the cause of error messages on company-managed servers detected evidence of unauthorized access.

“Some segments of the company’s internal IT system were impaired as a result of the unauthorized access,” Morinaga reports.

Morinaga shut down external access to its network after discovering the breach, before hiring external experts and setting about investigating the breach.

“The initial investigation confirmed that several of the company’s servers had been subjected to unauthorized access and that access to some data had been locked,” the vendor’s official statement said, adding that one of the affected servers handled product deliveries to Morinaga Direct Store customers.

Use of the term “locked” implies that some form of ransomware might have been involved in the attack, but this remains unconfirmed. The Daily Swig contacted the Japanese manufacturer for confirmation on this point along with a request for an update on its incident response and breach investigation.

Morinaga’s investigation has thus far determined that it is “highly likely that the unauthorized access was achieved through the exploitation of vulnerabilities in [unnamed but internet-connected] network devices”.

Although there has been “some impact on the supply of certain products” following the incident, Morinaga said it does not anticipate anything more than a “minor” impact on its business performance.

The firm has nonetheless reported the incident to law enforcement and Japan’s Personal Information Protection Commission.

Advertisement. Scroll to continue reading.

Source: https://portswigger.net/daily-swig/network-cavity-blamed-for-data-breach-at-japanese-candy-maker-morinaga

Click to comment

Leave a Reply

Your email address will not be published. Required fields are marked *

You May Also Like

Cyber Security

The cyberattack that ultimately led to the breach of several U.S. officials’ email accounts was the result of a China-based threat actor accessing a...

Cyber Security

The well-known watch manufacturing company Seiko disclosed the data breach notification recently on Aug 2023, targeted by the notorious threat group BlackCat/ALPHV. BlackCat/ALPHV Group has been...

Cyber Security

Privileged users typically hold crucial positions within organizations. They usually have elevated access, authority, and permission levels in the organization’s IT systems, networks, applications,...

Cyber Security

The Colorado Department of Higher Education (CDHE) discloses a massive data breach impacting students, past students, and teachers after suffering a ransomware attack in...

Copyright © 2023 Hard News Herd Hitting in Your Face News Source | World News | Breaking News | US News | Political News Website by Top Search SEO