Cyber Incident Victim: Toei Animation
Date:
Mar 2022
Location:
Japan
Summary
A cyberattack on a major Japanese animation studio resulted in unauthorized system access, prompting an immediate shutdown of internal networks and production delays for multiple popular anime series. The incident disrupted scheduled episode releases, impacting global broadcasters and streaming platforms, while investigations with external cybersecurity experts and law enforcement are assessing potential data theft involving customer and business partner information. Recovery efforts are ongoing to restore operations and determine the full scope of compromised data.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
On March 6, 2022, Toei Animation detected unauthorized access to its internal systems. The following day, March 7, the company implemented a full shutdown of all internal systems as a precautionary measure to contain the incident. Toei launched an immediate investigation into the cyberattack’s scope and origins, engaging an external cybersecurity firm for forensic analysis and technical support. The studio concurrently notified law enforcement agencies of the breach. By March 11, Toei publicly confirmed the attack’s disruption to production schedules, attributing delays in new episode releases to the ongoing system outage. The investigation prioritized determining whether threat actors exfiltrated sensitive data during the intrusion, with particular focus on customer information, business partner details, and employee personal data. Toei emphasized its collaboration with third-party specialists to verify potential data compromise but did not disclose preliminary findings by the reporting date.
The cyberattack halted production of multiple flagship anime series, including ONE PIECE, Delicious Party Precure, Digimon Ghost Game, and Dragon Quest Dai no Daibouken, forcing indefinite postponements of new episodes. This disruption impacted global distribution partners such as Netflix, Funimation, and Crunchyroll, which rely on Toei’s content pipelines. ONE PIECE, a consistently top-rated series in Japan with historically high viewership metrics exceeding 2 million monthly demand expressions, faced particular scrutiny due to the delayed release of its milestone 1000th episode. The incident underscored Toei’s operational criticality as a historic studio responsible for globally recognized franchises spanning Dragon Ball, Sailor Moon, and Transformers. While no ransomware claims or specific attacker methodologies were disclosed, the system-wide shutdown indicated a severe compromise requiring extended recovery efforts. Toei maintained public updates through press statements but did not specify restoration timelines or confirm data breach outcomes by the latest reported update.