In a recent disclosure, Nidec Corporation, a global leader in precision motors and automotive components, confirmed a significant data breach from a ransomware attack that occurred earlier this year. Hackers, after failing to extort the company, leaked stolen data on the dark web. This breach did not involve file encryption, but the stolen information has raised concerns for employees, contractors, and associates regarding potential phishing attacks.
Nidec operates in over 40 countries and has an annual revenue exceeding $11 billion.
The affected division, Nidec Precision, is based in Vietnam and specializes in manufacturing optical, electronic, and mechanical equipment for the photography industry. An internal investigation revealed that hackers accessed a server using stolen VPN credentials of a Nidec employee. This server contained sensitive documents, including business letters, purchase orders, invoices, health policies, and contracts. Over 50,000 files were compromised in the breach.
The company responded by closing the entry point and implementing additional security measures as advised by cybersecurity experts.
Employees are undergoing further training to reduce future risks, with Nidec notifying business partners who may have been affected.
The attack was initially claimed by the 8BASE ransomware group in June, who alleged they stole personal data and a large volume of confidential information from Nidec’s systems. In July, the Everest ransomware group also published stolen data on the dark web, suggesting a connection to 8BASE and initiating a secondary extortion attempt.
While Nidec has confirmed the authenticity of the stolen data, it downplayed the potential for direct financial damage to the company or its contractors.
However, the company remains vigilant and continues to monitor for any unauthorized use of the information.
This attack underlines the vulnerability of even the largest corporations to cybercriminals and the importance of robust security measures. As ransomware groups continue to evolve their tactics, companies like Nidec must ensure they are prepared to mitigate threats and protect their sensitive data.
The Nidec breach is a stark reminder of the ongoing risks in today’s interconnected business environment.
In response to this breach, Nidec has implemented stronger security protocols and is actively educating its workforce on how to mitigate cybersecurity risks moving forward.