Japanese company Mitsubishi Electric has today disclosed an information leak that occurred over six months ago.
The century-old electronics and electrical equipment manufacturing firm announced the breach by issuing a brief statement on its website.
An official internal investigation was launched after suspicious activity was observed taking place on June 28, 2019. The company said that upon noting the unusual behavior on the network, measures were immediately taken to restrict external access.
According to Nippon.com, hackers accessed servers and computers at Mitsubishi headquarters and other offices belonging to the company in a large-scale cyber-attack.
Mitsubishi said: "We have confirmed that our network may have been subject to unauthorized access by third parties and that personal information and corporate confidential information may have been leaked to the outside."
Mitsubishi announced the breach today after it was reported by two newspapers, the Asahi Shimbun and Nikkei. A theory put forward by both local papers is that the attack was initiated by a cyber-espionage group with links to the People's Republic of China.
While Nikkei reported that hackers swiped 200 MB of information from Mitsubishi, the manufacturer claims that its investigation of the incident uncovered no evidence that any sensitive data connected to its business partners or government defense contracts had been stolen or misused.
In a statement no doubt intended to reassure Mitsubishi's corporate parents, the company wrote: "As a result of an internal investigation, it has been confirmed that sensitive information on social infrastructure such as defense, electric power, and railways, highly confidential technical information, and important information concerning business partners has not been leaked."
When announcing the incident, Mitsubishi didn't explain why it had waited so long after discovering the breach to go public with the news. However, the inclusion of the comment "to date, no damage or impact related to this matter has been confirmed" could imply that the company chose to hold back information until it had a clear idea of what the effects of the breach might be.
Japan's chief cabinet secretary Yoshihide Suga said the government had been informed of the cybersecurity breach and that there was no leak of information related to defense equipment or to the electric power sector.