Cyber Incident Victim: Takamiya Co., Ltd.
Date: Dec 2022
Location: Viet Nam
Summary
The company experienced unauthorized server access and a ransomware attack by the LockBit group, originating from its Vietnam branch, leading to encrypted files and potential data exposure. Customer information containing personal data and employee details across the group were identified as compromised, though three subsidiaries confirmed no personal data leaks. Upon detecting system disruptions, the organization established a response team, initiated recovery efforts, engaged external cybersecurity experts, and reported the incident to regulatory authorities and law enforcement. Attackers later listed the company on a leak site, prompting dark web monitoring and forensic investigations to determine the full scope of impacted data and intrusion methods.
Description
On December 15, 2022, Takamiya Co., Ltd. and nine subsidiaries (collectively referred to as the Takamiya Group) detected an access disruption to their business systems. Internal investigations revealed a ransomware infection by LockBit, which encrypted files on internal servers. The company immediately established an incident response team and implemented containment measures to limit further damage. Initial findings indicated attackers first compromised Takamiya's Vietnam office before infiltrating group-wide internal servers to execute the ransomware. By December 16, system administrators determined that partial restoration of critical business systems was feasible and initiated recovery efforts while engaging external legal counsel and cybersecurity experts. On December 19, Takamiya filed an initial report with Japan's Personal Information Protection Committee and began selecting a digital forensics firm. Subsidiary impact assessments concluded by December 23, prompting supplemental reports to the regulatory body regarding affected subsidiaries.

The attackers claimed responsibility via email on January 7, 2023, and listed Takamiya on their leak site, prompting the initiation of dark web monitoring through external specialists on January 10. Forensic investigators delivered preliminary findings on January 11, coinciding with coordination meetings with Osaka Prefectural Police. Compromised data included customer information containing personal data and employee records from group servers, though subsidiaries Iwat, Hiramatsu, and Nakaya Kizai confirmed their managed personal data remained unaffected. The exact volume of potentially exposed records remained undetermined as digital forensics and dark web monitoring continued. Business operations resumed at minimal functionality during recovery, with financial impact assessments for the March 2023 fiscal quarter pending completion. Takamiya maintained regulatory reporting obligations while developing recurrence prevention strategies guided by security consultants and legal advisors. A dedicated customer inquiry hotline operated on weekdays following the disclosure.
