Sumitomo Forestry Co., Hitachi Chemical Co. and 36 other Japanese companies had authentication information to access their virtual private networks stolen and leaked by hackers this summer, an information security expert said Tuesday.
VPN usage has increased as companies encourage employees to work from home due to the novel coronavirus pandemic. The stolen data could facilitate illegal third-party access to the firms' internal networks.
The cyberattacks took place in June and July. Around 900 items of authentication data for access to VPN servers, provided by Pulse Secure LLC of the United States, were found to have been stolen and leaked online, of which 90 were linked to Japan, according to the expert and others familiar with the matter.
The government's National Center of Incident Readiness and Strategy for Cybersecurity has warned Japanese businesses to tighten security measures. No actual damage from the VPN data theft has been reported.
Pulse Secure released patches in April 2019 to fix vulnerabilities in its VPN service. Despite repeated warnings from the NISC and expert communities, however, some Japanese companies did not update their systems, leaving themselves vulnerable to hackers.