【Important Notice】Notification and Apology Regarding Potential Personal Information Leakage
October 22, 2024
We regret to inform you that our servers were subjected to unauthorized access by a third party, resulting in a ransomware attack. Consequently, it has been confirmed that there is a possibility that personal information related to our employees and employees of our business partners, which information is managed by our company, may have been leaked (hereinafter referred to as “this incident”). In response, we have established a countermeasure team and, with advice from external experts, including specialized vendors and legal counsel, have been working to identify the cause, investigate the scope of the leakage, and develop measures to prevent any reoccurrence.
Below is an outline of the incident as revealed by the investigation. Additionally, we have reported this incident to the Personal Information Protection Commission in Japan in accordance with legal obligations and have been individually notifying those who are legally required to be informed.
We sincerely apologize for any concern and inconvenience caused to our business partners and related parties, and also for the delay in providing this notice due to the time required to conduct a thorough investigation of the incident.
1.Outline and Cause Behind the Incident
On August 25, 2024, it was confirmed that access to files on our company’s server was no longer possible. We immediately requested emergency support from the vendor entrusted with the construction and operation of our systems and initiated an investigation by external experts.
As a result of the investigation, it was determined that from August 22 to August 25, 2024, a third party who had stolen authentication information through some means gained unauthorized access to our servers and executed ransomware, encrypting the files. Additionally, it was revealed that there is a possibility that personal information of our employees and the employees of our business partners may have been leaked due to this unauthorized access.
2.Timeline of Incident Identification and Actions Taken to Date
On the night of August 25, 2024, an employee of our company confirmed that files on the server were inaccessible due to encryption.
On the morning of August 26, the vendor responsible for our systems’ construction and operation was notified, and emergency measures were requested. We also began discussions with external experts to commence an investigation, which was promptly initiated.
On August 28, we consulted with external legal counsel specializing in cybersecurity, received advice, and began coordinating our response to this incident.
On August 29, we submitted a preliminary report to the Personal Information Protection Commission in Japan.
Since then, we have been engaged in ongoing discussions and information exchanges with the police, external experts, and legal counsel – all while conducting internal investigations.
On October 9, we received a report from external experts regarding the cause and details of this incident.
3.Personal Information Suspected of Having Possibly Been Leaked
The personal information suspected of having possibly been leaked includes the following data related to our employees (including former employees and job applicants) and employees of our business partners:
Personal Information of Our Employees:
– Name
– Company name
– Date of birth
– Gender
– Address
– Phone number
– Email address (personal and company)
– Bank account information
– Educational background
– Employment history
– Sensitive personal information
Personal Information of Our Business Partners’ Employees:
– Name
– Company name
– Date of birth
– Gender
– Address
– Phone number
– Email address (personal and company)
4.Subsequent Effects from This Incident
At present, no subsequent effects from this incident have been confirmed. Moreover, there has been no impact on our company’s operations, and as our company is not connected to NYK Line or NYK Group company’s network, there is also no impact on the operations of NYK Line or other NYK Group companies.
5.Measures to Be Implemented
We take this incident very seriously and are committed to further strengthening our management system, including security measures for authentication information and the oversight of our external vendors. We will continue to take strict measures against unauthorized access and other criminal acts.
If you have any questions, please contact the following inquiry desk:
<Personal Information Protection Desk>
https://www.monohakobi.com/en/contact/
We extend our deepest apologies for the significant concern and inconvenience caused to all of you who are affected by this matter.
Sincerely,