Panasonic data breach compromised job applicant and business partner data | #cybersecurity | #cyberattack

Japanese conglomerate Panasonic Corp. has disclosed that job applicant and business partner data were stolen in a breach that the company first revealed in November.

The company still didn’t reveal the exact details of how the data breach took place in its Jan. 7 announcement, instead referring to the incident as unauthorized access to a file server. Panasonic did say that an investigation had found that the breach of a file server in Japan had come via a server of an overseas subsidiary. The original report in November suggested that this was Panasonic India.

Although the data breach was first detected on Nov. 11, previous reports suggest that the breach involved unauthorized access starting June 22.

Panasonic has confirmed that candidate application and internship information – including personal information had been accessed and that those impacted had been contacted. Business information, including business-related information provided by business partners and information gathered internally by the company, also resided on the server. This is being analyzed and reported to affected business partners individually.

The company noted that no consumer-related information resided on the unlawfully accessed server.

Panasonic added that it had implemented additional security countermeasures, including strengthening access controls from overseas locations, resetting relevant passwords and strengthening server access monitoring. The company also committed to continuing to improve its information security measures, including enhancing the monitoring, control and security of its networks, servers and PCs throughout its global operations.

While still not confirmed, the implication, given that access came via a subsidiary, is that user login details were accessed at Panasonic India, giving those behind the data breach access to the server in Japan.

“Reports confirming hackers gained access to Panasonic’s networks and personal information for job candidates and interns are troubling given the ramifications if the data falls into the wrong hands,” Danny Lopez, chief executive officer of file protection company Glasswall Solutions Ltd., told SiliconANGLE.

Lopez explained organizations need to adopt robust processes for onboarding and offboarding employees and affiliates that may receive access to key information systems. “It’s vital to control privileged access and to monitor those that enjoy that administrator privilege.”

Gal Helemski, chief technology and co-founder of authorization and identity access management solutions provider PlainID Ltd. referred to the fact that it was likely internal credentials involved in the data breach.

“Organizations must adopt a ‘zero trust’ approach, which means trusting no one – not even known users or devices – until they have been verified and validated,” Helemski said. “Access policies and dynamic authorizations are a crucial part of the zero trust architecture; they help to verify who is requesting access, the context of the request, and the risk of the access environment.”

Photo: Panasonic

Show your support for our mission by joining our Cube Club and Cube Event Community of experts. Join the community that includes Amazon Web Services and CEO Andy Jassy, Dell Technologies founder and CEO Michael Dell, Intel CEO Pat Gelsinger and many more luminaries and experts.

Original Source link

Leave a Reply

Your email address will not be published. Required fields are marked *

+ seventy five = seventy eight