Newsletter
Join thousands of people who receive the latest breaking cybersecurity news every day.
The administrator of your personal data will be Threatpost, Inc., 500 Unicorn Park, Woburn, MA 01801. Detailed information on the processing of personal data can be found in the privacy policy. In addition, you will find them in the message confirming the subscription to the newsletter.
The administrator of your personal data will be Threatpost, Inc., 500 Unicorn Park, Woburn, MA 01801. Detailed information on the processing of personal data can be found in the privacy policy. In addition, you will find them in the message confirming the subscription to the newsletter.
Share this article:
Cyberattackers had unfettered access to the technology giant’s file server for four months.
Consumer electronics giant Panasonic’s data breach raises questions, researchers say – given that more than two weeks after the incident was discovered, it’s unclear if customers’ personal information has been impacted.
On Friday, Panasonic confirmed that its “network was illegally accessed by a third party on November 11, 2021,” and that “some data on a file server had been accessed during the intrusion.”
It added, “Panasonic is currently working [to] determine if the breach involved customers’ personal information and/or sensitive information related to social infrastructure.”
Infosec Insiders Newsletter
Further details on the breach are thin, with Panasonic’s bare-bones statement offering very little in the way of technical detail or timeline. However, local reports picked up by the Record indicated that the breach had been ongoing since June, giving attackers plenty of time to knock around in the Japanese behemoth’s files.
The NHK news outlet also noted that “in addition to information about the company’s technology and business partners, personal information of employees was stored on the server….the company says that the leakage of information to the outside has not been confirmed at this time,” according to its sources [translation via Google Translate].
However, Jake Williams, co-founder and CTO at BreachQuest, speculated that the intrusion could balloon into a major incident.
“As is typical in these early-stage incident reports, there are many unknowns,” he said via email. “In this case however, there are already red flags. NHK reported that internal network monitoring was the source of the incident detection, seemingly implying that the depth of intrusion is more than a misconfigured external server…Those [misconfiguration] cases at least have localized impact because there is no threat of threat actor lateral movement deeper into the network.”
John Bambenek, principal threat hunter at Netenrich, also noted that the four-month gap between breach and detection is concerning.
“While attacks on Japanese companies are continuing, the fact that the initial infection occurred in June and wasn’t detected until November demonstrates that companies are continuing to lag behind attackers,” he said via email. “Breaches need to be detected in hours, not months.”
However, Eddy Bobritsky, CEO at Minerva Labs, had a different take on the reported timeline.
“Although their investigation hasn’t been completed yet, Panasonic seem to be lucky here as they were able to detect the breach relatively quickly,” he said. “According to…IBM’s ‘Cost of Data Breach 2021’ report, on average it took 287 days to identify and contain a data breach.”
The news follows a ransomware attack on Panasonic India last year, which resulted in email addresses and financial data being leaked. Also, Panasonic is just the latest in a line of attacks on Japanese companies: Info-stealing hacks in 2020 on KawasakiKobe Steel and Pasco, Mitsubishi Electric and NEC formed a notable cluster of events. And, this October, a ransomware attack paralyzed Japanese tech giant Olympus.
It’s unclear yet when more details will emerge in the latest hit. “Panasonic likely has some work ahead to threat hunt in its network before fully understanding the scope of the compromise,” BreachQuest’s Williams said.
There’s a sea of unstructured data on the internet relating to the latest security threats. REGISTER TODAY to learn key concepts of natural language processing (NLP) and how to use it to navigate the data ocean and add context to cybersecurity threats (without being an expert!). This LIVE, interactive Threatpost Town Hall, sponsored by Rapid 7, will feature security researchers Erick Galinkin of Rapid7 and Izzy Lazerson of IntSights (a Rapid7 company), plus Threatpost journalist and webinar host, Becky Bracken.
Register NOW for the LIVE event!
Share this article:
Kaspersky researchers suspect that the cyberattackers may be a subgroup of the politically motivated, Palestine-focused Gaza Cybergang.
The insurer won’t pay for ‘acts of cyber-war’ or nation-state retaliation attacks.   
A temporary fix has been issued for CVE-2021-24084, which can be exploited using the LPE exploitation approach for the HiveNightmare/SeriousSAM bug.


This site uses Akismet to reduce spam. Learn how your comment data is processed.
Join thousands of people who receive the latest breaking cybersecurity news every day.
Pankaj Gupta, Senior Director at @Citrix, outlines how distributed denial of service attacks have become increasing… https://t.co/djwhuUE82e
2 weeks ago
Get the latest breaking news delivered daily to your inbox.
The First Stop For Security News
Infosec Insider content is written by a trusted community of Threatpost cybersecurity subject matter experts. Each contribution has a goal of bringing a unique voice to important cybersecurity topics. Content strives to be of the highest quality, objective and non-commercial.
Sponsored Content is paid for by an advertiser. Sponsored content is written and edited by members of our sponsor community. This content creates an opportunity for a sponsor to provide insight and commentary from their point-of-view directly to the Threatpost audience. The Threatpost editorial team does not participate in the writing or editing of Sponsored Content.

source