Cyber Incident Victim: Toshiba Tec Corp
Date: May 2021
Location: France
Summary
A Toshiba unit fell victim to the DarkSide ransomware group, known for the Colonial Pipeline attack, impacting its French subsidiary and prompting network shutdowns between Japan, Europe, and subsidiaries to contain the breach. The company engaged third-party forensic experts to investigate potential data leaks, with DarkSide affiliates claiming theft of over 740GB of data including passport scans and project documents, though the organization reported minimal work data loss. The ransomware-as-a-service group's leak site temporarily became inaccessible, while cached evidence suggested significant data exfiltration amid broader warnings from U.S. agencies about DarkSide operations.
Description
On May 13, 2021, DarkSide ransomware operators targeted Toshiba Tec Corporation, a Toshiba subsidiary specializing in barcode scanners, point-of-sale systems, printers, and electrical equipment. The attack primarily affected the company’s French subsidiary. Upon detecting the intrusion, Toshiba Tec immediately disconnected networks linking its operations in Japan, Europe, and other global subsidiaries to contain the infection and prevent lateral movement. The company activated recovery protocols and restored systems using backups while initiating an internal investigation to assess the breach’s scope. Third-party cybersecurity forensic experts were engaged to assist in analyzing the attack vector, data exposure, and operational impact. Toshiba Tec publicly stated only a "minimal amount of work data" was permanently lost due to the incident, though it acknowledged the possibility of external data leaks by the attackers.

DarkSide affiliates claimed responsibility for the attack, alleging theft of over 740GB of data, including passport scans, project documents, and corporate presentations. Evidence from a cached DarkSide leak post, accessed via Kela’s Darkbeast search engine, corroborated these claims, though Toshiba Tec did not confirm external dissemination of customer data. The incident occurred days after DarkSide’s high-profile attack on Colonial Pipeline, which disrupted U.S. fuel distribution and prompted FBI and CISA advisories on the group’s ransomware-as-a-service model. Toshiba Tec maintained operations during network isolation but faced potential reputational and legal risks from the exposure of sensitive employee and corporate documents. The company continued forensic analysis to determine data exfiltration timelines and whether critical infrastructure or customer systems were compromised.
