Two Japanese firms have recently disclosed ransomware incidents.
Apology and report of unauthorized access to our server.
Membership management operated in some of our stores (9 stores in total) on April 2, 2021 due to unauthorized access to our server (hereinafter referred to as the “Server”) from outside. A system failure (hereinafter referred to as the “System”) has occurred. We deeply apologize for any inconvenience and concern caused to you. We also apologize for the delay in reporting due to the time required to consider system recovery, investigate data leaks, and extract and analyze personal information stored on the server.
According to a survey conducted by a research firm, the ransomware infected with the server this time is not the type that steals information, and as of May 18, 2021, the research firm has asked customers, etc. We have received reports that we have been unable to confirm the fact that the information is posted on an external site.
For the time being, we will continue to investigate whether or not the customer information is disclosed on external sites with the cooperation of an external research company.
To date, no secondary damage has been confirmed due to the use of customer information, but we have established a call center to collect information such as inquiries on this matter. If you have suspicious emails or phone calls, please let us know at the end of the inquiry.
If it is confirmed that customer information, etc. has been leaked by future inquiries, etc., we will report it again.
Inquiries from many people are expected to be concentrated. Depending on the content of frequently asked questions and inquiries, we may respond in writing (including email) or by posting on our website. Thank you for your understanding.
The remainder of their posting provides specific details about the information on the server and why they do not believe that data was exfiltrated. In terms of the number of people impacted, they report the following number of individuals with information on the server
(34,920 people including credit card information)
— Name, address, date of birth, gender, telephone number, member number, email address, emergency contact information , Credit card information, account information, one or more of work (name, address, phone number)
— name, date of birth
For the full statement and details, see their web site.
The facts and recovery status found so far are as follows:
Early in the morning of June 10, 2021, we confirmed that our server had unauthorized access that appeared to be ransomware.
Immediately after that, to prevent the damage from spreading, we stopped the server and personal computers that could have an impact and shut down the network.
On the same day, after the restoration work, the server and personal computer were resumed and confirmed to be safe, and the locked network started communication.
In addition to informing the police and other related ministries and agencies, we are proceeding with the response in cooperation with related organizations.
At this time, we have not confirmed the leakage of information stored on this server or the fact that it has been illegally disclosed.
In the future, if new facts are clarified to be announced, we will inform you again on the home page, etc.
In light of this situation, we will work to further strengthen our information management system to prevent a recurrence.
We sincerely apologize for any inconvenience and concern caused to all parties concerned.
If you have any questions or queries regarding this matter, please contact the following: (Inquiry form https://itoyogyo.co.jp/contact/ )
Neither victim corporation identified the type of ransomware used, and Sports Club NAS specifically noted that they did not receive any ransom demand.
DataBreaches.net did not find data from either firm on any of the usual dedicated leak sites or forums where data tends to be traded or sold.