Mitsubishi Electric Corp. said Monday it was hit by a massive cyberattack and that information on government agencies and business partners may have been compromised, with a Chinese group believed behind the attack.
A key player in Japan’s defense and infrastructure industries, the company said email exchanges with the Defense Ministry and Nuclear Regulation Authority, as well as documents related to projects with firms including utilities, railways, automakers and other firms may have been stolen.
It also said personal data on over 8,000 people, including employees, retirees and job-seekers, had been endangered.
Highly sensitive information on defense, electricity or other infrastructure operations, however, was not breached, it said.
The personal data was related to 1,987 new graduates who were seeking to enter the firm between October 2017 and April 2020, as well as others who sought jobs between 2011 and 2016.
Also, the results of a 2012 survey on human resource matters covering 4,566 employees, in addition to data on 1,569 retirees who received severance pay between 2007 and 2019 may have been compromised, it said.
In June, the company spotted irregular activity on devices in Japan and conducted an internal probe that found unauthorized access to management sections at its head office and elsewhere.
A Chinese cybercrime group is suspected of accessing its computers and servers, it said.
The company said it has not confirmed any damage from the illegal access, as it restricted external access and took other steps after detecting the activity in June.
Chief Cabinet Secretary Yoshihide Suga said the government was notified but that the targeted data also included that on sales and technology.
“They have confirmed there is no leak of sensitive information regarding defense equipment and electricity,” Suga reiterated.
Mitsubishi Electric had the third-largest contract for major equipment at the Defense Ministry in fiscal 2018. It is involved in cybersecurity. Since July last year, the company has been providing cybersecurity services to public facilities and private companies.
The company on Monday started notifying clients and apologizing to individuals whose information may have been breached, it said, adding it will continue to bolster its information security and monitoring measures.
Japan lags behind other countries in addressing cyberattacks. It was reported last year that the Defense Ministry had plans to increase the number of personnel in its cyberspace unit from 150 to 220 during the current fiscal year.
That number compares with 6,200 in the United States, 7,000 in North Korea and 130,000 in China, according to the ministry.