Japanese conglomerate Panasonic Corp. disclosed that job seeker and business partner data was stolen in a breach the company first exposed in November.
The company still has not revealed the exact details of how the data breach took place in its January 7 announcement, instead referring to the incident as unauthorized access to a computer file server. Panasonic said an investigation revealed that the breach of a file server in Japan occurred through a server at an overseas subsidiary. The original November report suggested it was Panasonic India.
Although the data breach was first detected on November 11, previous reports suggest the breach involved unauthorized access as of June 22.
Panasonic has confirmed that application and internship information, including personal information, has been viewed and the relevant people have been contacted. Business information, including business information provided by business partners and information collected internally by the company, also resided on the server. It is analyzed and reported individually to the relevant business partners.
The company noted that no consumer information resided on the illegally accessed server.
Panasonic added that it has put in place additional security countermeasures, including tightening access controls from foreign sites, resetting relevant passwords and tightening monitoring of access to servers. . The company is also committed to continuing to improve its information security measures, including improving the monitoring, control and security of its networks, servers and personal computers across its global operations.
While still unconfirmed, the implication, given that the access was via an affiliate, is that the user’s login information was viewed at Panasonic India, giving those at the origin of the data breach was accessing the server in Japan.
“Reports confirming that hackers gained access to Panasonic networks and the personal information of job applicants and interns are troubling given the ramifications if the data gets into the wrong hands,” Danny Lopez, CEO of the company. file protection. Glasswall Solutions Ltd., said SiliconANGLE.
Lopez explained that organizations must adopt robust processes for the onboarding and disintegration of employees and affiliates who may have access to key information systems. “It is vital to control privileged access and monitor those who have this administrator privilege,” he said.
Gal Helemski, Chief Technology Officer and Co-Founder of Authorization and Identity Access Management Solutions Provider PlainID Ltd. refers to the fact that these were likely internal credentials involved in the data breach.
“Organizations need to take a ‘zero trust’ approach, which means not trusting anyone – not even known users or devices – until they have been verified and validated,” Helemski said. “Access policies and dynamic permissions are a crucial part of the zero trust architecture; they help verify who is requesting access, the context of the request and the risk of the access environment.