Two-Month Cyber Breach at Mizuno USA Under Investigation

 

Unauthorized access to Mizuno USA's network has resulted in a compromise of sensitive customer information, which has caused Mizuno USA to notify its customers about the breach. In a letter to affected individuals, the sports gear manufacturer shared information regarding the breach with the Maine Office of the Attorney General, including details about it. 

There was suspicious activity detected on the company's systems on November 6, 2024, which prompted an immediate investigation. The investigation concluded that an unknown threat actor gained access to certain network systems, as well as exfiltrating files without authorization, for an extended period from August 21 to October 29, 2024. 

As one of the leading sporting goods manufacturers worldwide, Mizuno USA, one of the subsidiary companies of Mizuno Corporation, has confirmed an instance of unauthorized access to sensitive files by unauthorized persons between August and October 2024, resulting in the theft of those sensitive files. Mizuno USA is a North American company with headquarters in Peachtree Corners, Georgia, specializing in the manufacture and distribution of sports equipment, apparel, and footwear across a wide range of sports disciplines, such as golf, baseball, volleyball, and tennis. 

The company announced in its filing to the Maine Office of the Attorney General on Thursday that they had noticed suspicious activity on the company's network as early as November 6, 2024, and that they had subsequently conducted an investigation into the matter in the following days. It was found that unknown attackers had taken advantage of certain systems and accessed data containing personal information about an undisclosed number of individuals by hacking into them. 

In response to the breach, Mizuno USA has taken steps to increase its cybersecurity defences and has notified individuals who have been impacted by the breach. Mizuno USA continues to work with security experts to address the impact and prevent further incidents from taking place. As a result of the breach, Mizuno USA has taken steps to minimize the risk to its customers. The company is in the process of improving its cybersecurity measures and is working with security professionals to minimize future incidents. 

All customers affected by the breach have been notified, and they have been advised how to take protective measures to ensure the privacy and security of their personal information will be maintained. There was a recent cyber-attack on Mizuno USA that resulted in sensitive personal and financial information being compromised, however, the company isn't sure exactly how many people have been affected as a result of this attack. 

There is a lot of information that has been stolen, including names, Social Security numbers, details of financial accounts, and information about driver's licenses and passports. According to Mizuno USA, as a result of the breach, all individuals who were affected will be able to enjoy free monitoring of their credit records as well as free identity theft protection services for one year. As well as this, the company has also advised affected individuals to continue paying attention to their financial accounts so that they are protected from potential fraud. 

There has been no official announcement by Mizuno USA as to who has been responsible for the attack, but cyber security reports indicate that the BianLian ransomware gang claimed responsibility in November 2024 for the attack. As outlined by cybersecurity researcher HackManac on the X blog, the threat group is alleged to have exfiltrated a wide array of sensitive customer and business information, including financial records, Human Resources documents, confidential contracts, vendor and partner information, trade secrets, patents, and internal email communications. 

Currently, Mizuno USA is still assessing the full effect of the breach, and as a result, is taking steps to enhance its cybersecurity defences to prevent future breaches in the future. There have been further increases in the extortion tactics used by the BianLian ransomware gang as a result of the cyberattack that targeted Mizuno USA. Mizuno has recently been updated on the attackers' dark web leak site. There, they posted a screenshot of a spreadsheet allegedly detailing the company's expenses related to the ransomware attempt that occurred in 2022 and additional documents purportedly stolen from Mizuno's system in 2024. 

Known as BianLian, the company has been active since June 2022 and has mainly targeted international entities involved in critical infrastructure and private enterprises. In January 2023, the Avast ransomware team released the free decryptor to obtain back access to the ransomware, which prompted them to focus their attention on extortion attacks, relying on stolen information and pressure to get victims to pay for the ransomware. 

Even though reports have been circulating about widespread attacks undertaken by this cybercrime group, there has been no ceasefire in its expansion, with recent attacks occurring against major companies, such as Air Canada, Northern Minerals, and Boston Children's Health Physicians. To ensure that Mizuno USA does not repeat the mistakes, the company continues to assess the full impact of the breach as well as strengthen its