Japanese e-commerce giant Askul Corporation, a major business-to-business and business-to-consumer office supplies company owned by Yahoo! Japan, has concluded its investigation into the scope of the ransomware attack it experienced in October. The company has officially confirmed that the breach, which caused an IT system failure and forced a suspension of shipments to customers like the retailer Muji, led to the theft of around 740,000 customer and partner records. This incident was claimed by the RansomHouse extortion group, which initially disclosed the breach on October 30 and subsequently leaked stolen data in November and December.
The compromised information spans several categories, with the largest group being business customer service data, which accounts for approximately 590,000 records. Additionally, around 132,000 records of individual customer service data were stolen. The breach also impacted corporate relationships, as approximately 15,000 records belonging to business partners, including outsourcers, agents, and suppliers, were compromised. Finally, a smaller but critical set of data, about 2,700 records, was stolen from executives and employees, including those in group companies.
Askul is taking steps to mitigate the harm caused by the data exposure. The company noted that specific details about the nature of the compromised information are being withheld to prevent further exploitation by malicious parties. All affected customers and partners will be contacted individually by the company with relevant details regarding their specific data. This individualized notification process is crucial for helping those impacted take the necessary security precautions.
GET 50% Discount for VPN/ANTIVIRUS SOFTWARE AT 911Cyber - CODE: bit5025
In addition to notifying its users, Askul has formally informed the country’s Personal Information Protection Commission about the incident and the extent of the data exposure. To proactively address the long-term risk of misuse, the corporation has also implemented long-term monitoring services designed to detect and prevent any illicit utilization of the stolen data. These regulatory and preventive measures are standard procedures following a significant data breach in Japan.
Despite the investigation being concluded and containment measures being established, the operational recovery is not yet complete. As of December 15, order shipping continues to be affected by the fallout from the October incident. The company remains focused on its ongoing efforts to fully restore all of its IT systems to normal operation, which will allow the business to return to its pre-attack service levels for shipping and logistics.
Source: Askul Confirms Theft Of 740k Customer Records In Ransomware Attack