Cyber Incident Victim: Nikkei Inc.

On May 13, 2022, Nikkei Group Asia’s Singapore headquarters experienced unauthorized access to a server, prompting immediate detection and an internal investigation. The company responded by shutting down the compromised server and implementing containment measures to limit operational disruption. Preliminary findings indicated the affected server likely stored customer data, though Nikkei emphasized its investigation into the attack’s scope and data exposure remained ongoing as of May 19. No evidence of data exfiltration or leakage had been identified at the time of disclosure. The company notified Japanese and Singaporean data protection authorities of the incident, consistent with regulatory obligations. Nikkei’s public relations office issued a formal apology for the incident, committing to collaborate with authorities and strengthen information security protocols.

This ransomware attack followed a separate 2020 business email compromise (BEC) incident involving Nikkei America, where impersonators posing as executives deceived an employee into transferring $29 million to fraudulent accounts. While the BEC incident demonstrated prior vulnerabilities in financial controls, the 2022 ransomware event centered on server security and potential data integrity risks. Nikkei’s public statements emphasized containment actions and forensic efforts but did not disclose technical specifics of the ransomware variant, attacker attribution, or confirmed data categories at risk. The company maintained operations for its broader media services despite localized server disruptions in Singapore. No ransomware group claimed public responsibility for the attack as of the disclosure date.