Kawasaki security breach
Kawasaki Heavy Industries, Ltd. – a Japanese public multinational corporation, known primarily as a manufacturer:
- Rolling stock
The company said it was exposed to unauthorized access from the outside. After a thorough investigation, the company discovered that some information from its overseas offices may have been transferred to third parties.
“On June 11, 2020, an internal system audit revealed an unauthorized connection to a server in Japan from the company’s Thailand office. On the same day, the connection between the overseas office and Japan was completely cut off, and the incident was regarded as a case of unauthorized access, ”says an official statement companies.
Kawasaki’s IT staff discovered a connection to a server in Japan from an overseas office in Thailand that shouldn’t have happened.
Subsequently, other unauthorized connections to servers in Japan from other overseas offices were discovered in:
- The Philippines
The company has improved operations to monitor access from overseas offices and tightened restrictions to block unauthorized connections.
After confirming suspicious unauthorized access from overseas offices, the company added additional restrictions and implemented improved network connection restrictions for everyone abroad.
Kawasaki Heavy Industries has conducted a thorough safety assessment by verifying:
- about 26,000 terminals in the network of Japan and Thailand
- about 3,000 terminals in the network of overseas offices (excluding Thailand) where violations may have occurred.
Information security measures have been a top priority for the company as it handles sensitive confidential information such as:
- personal information
- information related to social infrastructure
However, the company reports that the unauthorized access was carried out using advanced technology that left no trace.
“The investigation confirmed the possibility that information of unknown content could be transferred to a third party. However, at present, we have not found any evidence of information leakage to third parties, ”the company said.
The company promises to strengthen monitoring and control of access in communication networks between foreign and domestic offices.
In addition, the Cybersecurity Group, created on November 1, 2020, will strengthen security measures by analyzing the latest tampering techniques to avoid the recurrence of similar incidents in the future.