Cyber Incident Victim: Awan Tokyo Co., Ltd.
Date:
Jan 2022
Location:
Japan
Summary
A cybersecurity breach at Awan Tokyo Co., Ltd. involved unauthorized access to its proprietary "IP System," resulting in the theft of personal data including names, ages, genders, phone numbers, and email addresses belonging to customers, job applicants, staff, and business partners. The intrusion caused widespread account lockouts and prompted threatening emails to applicants. Following discovery, the company notified affected parties, implemented enhanced security protocols, and reported the incident to law enforcement and data protection authorities. Subsequent phishing attempts leveraging stolen email addresses were observed, with advisories issued to avoid interacting with suspicious links. Investigations faced challenges due to overseas involvement.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 0 motives | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
On January 1, 2022, Awan Tokyo Co., Ltd. discovered unauthorized access to its proprietary "IP System" that compromised all store account access. Simultaneously, applicants' email addresses received threatening spam messages targeting the company. Forensic analysis of system logs confirmed attackers had deleted accounts and exfiltrated data containing customer, applicant, and staff information stored in the database as of December 31, 2021. The compromised data included names, ages, genders, phone numbers, and email addresses across these three stakeholder groups. The company immediately reported the incident to local police on January 1 and engaged legal counsel and third-party forensic experts to investigate the breach.
Awan Tokyo notified Japan's Personal Information Protection Commission on January 13, 2022, fulfilling regulatory obligations. The company issued formal apologies and breach notifications to affected customers, job applicants, business partners, and staff members throughout January. Police concluded their investigation in April 2022 but could not pursue overseas aspects of the attack. Between January and at least July 2022, multiple spam emails containing malicious links were sent to compromised email addresses, prompting the company to advise recipients to delete such messages without clicking. Internal remediation efforts included restructuring system security protocols, tightening personal information handling procedures, and establishing a dedicated inquiry portal for affected parties through the company website. No additional breach disclosures were made beyond the initial January 24 public statement.