Panasonic Pwned…. Full Extent Of Data Breach Unknown

Happy Monday. Unless you’re with Panasonic.

I say that because Panasonic has disclosed a data breach after threat actors gained access to servers on its network. Panasonic Corporation confirmed that the network was illegally accessed by a third party on November 11, 2021. Panasonic reported the incident to the relevant authorities and has taken measures to prevent access to its network from external servers, including hiring a third party to investigate the attack and find if any of the data access during the intrusion includes customer personal information. In short, they don’t know the full extent of the data breach. That’s bad.

Yan Michalevsky, CTO and Cofounder, Anjuna Security had this comment on this data breach:

 “It’s crucial to encrypt data at rest to prevent exactly those kinds of incidents. Solutions such as full-disk encryption might not be enough when attackers have gained access to the systems, but luckily there are alternatives that enable protecting data at the level of the application such that the files themselves are always encrypted.”

Hopefully Panasonic does a follow up to advise on the full extent of the data breach so that those affected can protect themselves accordingly.

UPDATE: I have additional commentary from Eddy Bobritsky, CEO, Minerva Labs:

“This attack, much like ransomware attacks, are becoming all too common. An attacker uses evasive malware techniques to gain a foothold in the company to either steal proprietary data or encrypt or even destroy important information. Although their investigation hasn’t been completed yet, Panasonic seem to be lucky here as they were able to detect the breach relatively quickly. According to the IBM “Cost of Data Breach 2021” report, on average it took 287 days to identify and contain a data breach. This increase in sophistication of evasive techniques is simply making it much more difficult for regular EDR antivirus solutions to cope.”

Leave a Reply

%d bloggers like this: