The Japan-based confectionary firm Morinaga has recently disclosed a security breach exposing the personal data of its customers. While the firm investigates the matter, it currently assured finding no evidence of fraudulent use of breached information.
Morinaga Data Breach Details
As elaborated in a data breach notice, Morinaga suffered a cyberattack on its servers on March 13, 2022.
When investigating the cause of errors detected in several servers managed by the Company late in the evening of Sunday, March 13, the Company identified signs that unauthorized access to the servers by a third party had occurred.
Upon detecting the unauthorized intrusion, the company shut down the “impaired” servers and started investigating the matter.
While the investigations still continue, the firm suspects potential exposure of customers’ data to the attackers. Specifically, they fear that the incident possibly leaked the personal data of over a million customers.
It was also confirmed that the breached servers included one used to store information connected with product deliveries to Morinaga Direct Store customers, that access to that data had been locked, and that the data included customers’ personal information.
Precisely stating the number of affected individuals and the data exposed, the notification reads,
a. Customers concerned: 1,648,922 customers who used the Morinaga Direct Store (formerly “Healthy Life with Angel”) between May 1, 2018 and March 13, 2022.
b. Data concerned: Name, address, telephone number, date of birth, gender, email address*, and purchase history
*Credit card data was not accessed
*Only email addresses of 3,887 customers (approx. 0.2% of the total) who used e-commerce shopping sites
It presently remains unclear how the attackers managed to infiltrate the Morinaga network. Yet, considering how the company admitted server impairment following the incident and shutting down of internet connections, the possibility of a ransomware attack cannot be ruled out.
Morinaga also admitted suffering a “minor” impact on business operations due to the temporary suspension of IT segments.
More details are yet to surface online.