Panasonic has confirmed that a third party accessed its network.
According to a press release, the company reported the breach to authorities after detecting unauthorized access. Panasonic is also currently working with a specialized third-party organization to investigate the breach and determine if customer’s personal information and/or sensitive information related to the social infrastructure was accessed.
An internal investigation revealed that some data on a file server had been accessed, Panasonic claims. Since the intrusion, the company has implemented security countermeasures, including steps to prevent external access to the network.
Jake Williams, Co-Founder and CTO at BreachQuest, an Augusta, Georgia-based leader in incident response, says, “As is typical in these early-stage incident reports, there are many unknowns, particularly given the level of detail given in the initial disclosures. In this case, however, there are already red flags. NHK reported that internal network monitoring was the source of the incident detection, seemingly implying that the depth of intrusion is more than a misconfigured external server. Taken at face value, this means that Panasonic likely has some work ahead to threat hunt in its network before fully understanding the scope of the compromise. This stands in stark contrast to cases where a simple misconfiguration on a server allows a threat actor access to excessive data. Those cases at least have localized impact because there is no threat of threat actor lateral movement deeper into the network.”
“While attacks on Japanese companies are continuing, the fact that the initial infection occurred in June and wasn’t detected until November demonstrates that companies are continuing to lag behind attackers. Breachers need to be detected in hours, not months,” notes John Bambenek, Principal Threat Hunter at Netenrich, a San Jose, California-based digital IT and security operations company.