Nikkei Data Breach Exposes 17,000 People’s Information
▼ Summary
– Nikkei’s Slack platform was compromised, exposing personal information of over 17,000 employees and partners.
– Attackers accessed Slack accounts using credentials stolen via malware from an infected employee computer.
– The leaked data included names, email addresses, and chat histories but did not involve confidential sources or reporting activities.
– Nikkei voluntarily reported the breach to Japan’s Personal Information Protection Commission despite no legal requirement.
– This incident follows previous security issues, including a 2022 ransomware attack and a 2019 business email compromise that cost $29 million.
Image: Nikkei/Masayuki Kozono
A significant data breach at the Japanese media powerhouse Nikkei has compromised the personal details of more than 17,000 individuals, including employees and business partners. The incident occurred through unauthorized access to the company’s Slack messaging platform, raising concerns about corporate cybersecurity practices.
Nikkei stands as a global media leader, owning prestigious outlets such as the Financial Times and The Nikkei, the latter recognized as the world’s largest financial newspaper. With around 3.7 million digital paid subscriptions and a network of over 40 affiliated firms, the corporation’s operations span publishing, broadcasting, event management, database services, and financial indices. Since acquiring the Financial Times in 2015, Nikkei has expanded its international presence, maintaining 37 foreign editorial bureaus and employing more than 1,500 journalists across the globe.
According to a statement released on Tuesday, attackers infiltrated employee Slack accounts by using stolen authentication credentials. These credentials were obtained after an employee’s computer became infected with malware. The breach was identified in September, prompting Nikkei to implement immediate security protocols, including compulsory password resets for all affected accounts.
The company confirmed that data potentially exposed includes names, email addresses, and chat histories belonging to 17,368 people registered on the Slack platform. Despite the large number of individuals affected, Nikkei clarified that the compromised information does not fall under Japan’s Personal Information Protection Law, which specifies mandatory reporting for certain types of data breaches. Nevertheless, the company voluntarily informed the Personal Information Protection Commission, emphasizing its dedication to transparency and acknowledging the incident’s importance.
Nikkei assured the public that no information pertaining to confidential sources or ongoing reporting activities was accessed or leaked. Data collected specifically for journalistic purposes remains secure and unaffected by this breach. A company representative stated, “We take this incident seriously and will further strengthen personal information management to prevent any recurrence.”
This is not the first cybersecurity challenge Nikkei has faced. In May 2022, a ransomware attack targeted the company’s Singapore subsidiary, potentially affecting a server storing customer data. Earlier, in September 2019, Nikkei America fell victim to a business email compromise (BEC) scam, resulting in a loss of approximately $29 million. In that incident, an employee was deceived by fraudsters impersonating a company executive into transferring funds to a fraudulent bank account.
(Source: Bleeping Computer)
