The Panasonic Corporation has disclosed a data security incident in which an undisclosed amount of data was compromised.
In a statement issued Friday, the major Japanese multinational conglomerate announced that an unauthorized third party had gained access to its network on November 11.
An internal investigation was launched that determined that the intruder had accessed some data stored on a file server. Panasonic did not say how much data was compromised in the incident or whether any sensitive information was accessed.
The company said that a “specialist third-party organization” is currently undertaking a second investigation into the incident. This probe is expected to discover the precise quantity and nature of the information accessed by the intruder.
Panasonic has not shared any information regarding how the unauthorized access was detected. However, the company did state that it “immediately reported the incident to the relevant authorities and implemented security countermeasures, including steps to prevent external access to the network.”
Japanese news outlets Mainichi and NHK reported that the data breach went on for four months, from June 22 to November 3. NHK claimed that sensitive data, including information on the company’s partners, personal details pertaining to customers and employees and technical files from Panasonic’s operations in Japan, was accessed in the intrusion.
John Bambenek, the principal threat hunter at Netenrich, told Infosecurity Magazine that the reported delay in detection “demonstrates that companies are continuing to lag behind attackers.”
Jake Williams, co-founder and CTO at BreachQuest, said that NHK’s data breach coverage raised several “red flags.”
“NHK reported that internal network monitoring was the source of the incident detection, seemingly implying that the depth of intrusion is more than a misconfigured external server. Taken at face value, this means that Panasonic likely has some work ahead to threat hunt in its network before fully understanding the scope of the compromise,” said Williams.
“This stands in stark contrast to cases where a simple misconfiguration on a server allow a threat actor access to excessive data. Those cases at least have localized impact because there is no threat of threat actor lateral movement deeper into the network."