Panasonic, The Japanese tech company has confirmed data breach after the hackers accessed the personal information of the job candidates and interns.
Company said that it network was illegally accessed by a third party on November 11. NHK (Japanese publication) reported that the attacked serves stored information about Panasonic business partners and the companies technology.
The company also confirmed that the data breach which began at June 22 and ended on November 23, before being detected on November 11.
News of this data breach comes less then a year after Panasonic India hit with a ransomware that saw hackers leak 4 gigabytes of data, including financial information email addresses. It also comes amid a wave of cyberattacks targeting Japanese companies.
What is a Data Breach
A data breach is a situation where sensitive and private information are stolen or taken from system or device without knowledge or authorizing of the systems/company owner.
The information or data stolen can effect in different way like reputation of companies, customer may also suffer from financial lose and lot of important secret data can be leaked.
It can occur in any organization, from a small business to big corporations. If anyone who is not authorized to do so views personal data, or steal the entire data, the organizations charged with protecting that information is said to have suffered a data breach.
Most of data breaches include personal information, such as credit card numbers, license numbers , health care history, corporate information etc.
Types of data breach
- Physical breach: It involves the physical theft or equipment that contains account data of card holder , copy of bills and receipts etc. To protect this breach always remember to put passwords in your device, if its not in use either destroy them or make sure to take/delete all data before selling it.
- Electronic breach: It is an unauthorized attack on system or network where lot of data is stored of a person or a company. Big companies encrypt their data so it get difficult for hacker or for anyone if he/she gains unauthorized access. According to experts one may use hard drive shredding, as encrypted data can be hacked but a shredded hard drive can’t expose anything.
- Skimming: It involves the capture and recording of magnetic strip data on back of credit/debit cards. Skimming uses external device which is sometimes installed on merchants POS without their knowledge. Many times this device is installed by one of employee of companies, they collect the data and use it to create counterfeit credit and debit cards, they also blackmail to sell their important data for gaining money. To prevent skimming regularly check equipment for attached skimming devices or evidence of tampering.
What Panasonic said after breach
Company said an internal investigation was launched that determined that intruder had accessed some data stored on file server. They did not disclose that how much data was compromised in the incident or whether any sensitive information was accessed.
They said a specialist third party organization is undertaking a second investigation into the incident. This investigation is expected to discover the precise quantity and type of the information accessed by the intruder.
The company did not shared any information that how the unauthorized access was been detected. The company was sorry for their mistake and inconvenience.
Jake Williams, Co-Founder and CTO at BreachQuest, an Augusta, Georgia-based leader in incident response, says, “As is typical in these early-stage incident reports, there are many unknowns, particularly given the level of detail given in the initial disclosures. In this case, however, there are already red flags. NHK reported that internal network monitoring was the source of the incident detection, seemingly implying that the depth of intrusion is more than a misconfigured external server.
Taken at face value, this means that Panasonic likely has some work ahead to threat hunt in its network before fully understanding the scope of the compromise. This stands in stark contrast to cases where a simple misconfiguration on a server allows a threat actor access to excessive data. Those cases at least have localized impact because there is no threat of threat actor lateral movement deeper into the network.”