Cyber Incident Victim: Nikkei Inc.

On March 17, 2021, Nikkei publicly disclosed incidents of unauthorized access affecting its Hong Kong-based operations. The breach involved email accounts used by Nikkei China (Hong Kong), an overseas group company, and Nikkei’s Hong Kong bureau. The company did not specify the exact timeframe of the intrusion or the number of compromised accounts. Discovery occurred prior to the announcement, though the investigation methods or triggers for detection were not detailed in available reports. Nikkei expressed concern that personal information might have been exfiltrated during the incident, specifically noting customer names as potentially exposed data. The announcement did not identify suspected threat actors or their methods of initial access.

The incident raised operational and reputational concerns due to the potential exposure of customer personal information. Nikkei provided no confirmation regarding the total volume of affected individuals or whether other data categories beyond names were compromised. The company’s disclosure lacked specifics about containment measures, forensic findings, or system remediation steps taken following the breach. No evidence of broader network compromise beyond the targeted email accounts was indicated in available reporting. Nikkei’s statement acknowledged the incident’s occurrence but did not outline subsequent customer notifications or regulatory filings related to the unauthorized access.