Japanese electronic components manufacturer Murata has released an apology Notice for the data breach of thousands of files in June that contained bank account information of employees and business partners of the company.
Murata Manufacturing CEO Norio Nakajima stated on June 28 apologizing for the case where a subcontractor downloaded a project management data file containing 72,460 pieces of information.
More than 30,000 documents contained business partner information like company name, address, associated names, phone numbers, email addresses, and bank account numbers. The companies are based in Japan, China, Philippines, Malaysia, Singapore, the US, and EU but the enterprises “subject to customer information are only China and the Philippines.”
“On July 20, 2021, it was confirmed that employees downloaded project management data, including business partner information and personal information, to a business computer without permission and uploaded it to a personal account of an external cloud service in China,” Nakajima said. He said. In the statement, he added that there was evidence that no one but the subcontractor had access to the data.
Over 41,00 documents about employees were in the leak as well, similarly containing names, addresses, and bank account numbers. The employees were based in the company’s offices in Japan, China, Philippines, Singapore, the US, and EU.
Murata said According to the investigation of the outsourced, the fact that the information taken out was accessed/acquired by a person other than the subcontractor employee and the fact that the information was misused is not found. In addition, we have received reports from a survey of external cloud service providers that it was confirmed that the information taken out was never copied or downloaded by a third party. Because it contains information and personal information, we have reached this announcement.
The notice included a timeline that tracked the incident from its inception on June 28 through its verification in August. Two days after the subcontractor downloaded the files, the company got a security alert and by July 4, their security team had confirmed what happened.
ITMedia, a Japanese news agency, told subcontractors, “I was uploading my know-how to the personal cloud and organizing it to learn system design, etc. It happened to contain confidential information about customers.”