Kawasaki Heavy Industries, Ltd. is a Japanese public multinational corporation primarily known as a manufacturer of motorcycles, engines, heavy equipment, aerospace and defense equipment, rolling stock and ships.
The company declared that it was subject to unauthorized access from outside the company. As a result of a thorough investigation, the company have discovered that some information from overseas offices might have been leaked to external parties.
“On June 11, 2020, an internal system audit revealed a connection to a server in Japan from an overseas office (Thailand) that should not have occurred. Within the same day, communication between the overseas office and our Japan office was fully terminated considering as a case of unauthorized access.” reads the statement published by the company.
Kawasaki discovered this incident during an internal audit, their IT staff observed “a connection to a server in Japan from an overseas office (Thailand) that should not have occurred.”
Further unauthorized accesses to servers in Japan from other overseas sites (Indonesia, the Philippines, and the United States) were subsequently discovered.
The company has improved monitoring operations to accesses from overseas offices and tightened access restrictions to block unauthorized accesses.
After Confirming the suspicious unauthorized accesses from overseas offices, the company added additional restriction and implemented improved network communication restrictions at all overseas.
Kawasaki Heavy Industries conducted a thorough security soundness assessment of about 26,000 terminals in Japan and Thailand network and around 3,000 terminals in overseas offices network (excluding Thailand) where breaches possibly occurred.
Information security measures have been a top priority for the company since it handles significant sensitive information such as personal and social infrastructure-related information.
Nevertheless, unauthorized access had been carried out with advanced technology that did not leave a trace, the company reveals.
“The investigation confirmed a possibility that information of unknown content may have been leaked to a third party. However, at present, we have found no evidence of leaking information including personal information to external parties”, said the company.
The company promises to harden monitoring and access control in communication networks between their overseas and domestic offices.
Furthermore, the Cyber Security Group which was established on November 1, 2020, will strengthen security measures, analyzing the most recent unauthorized access methods to avoid reappearance.