Cyber Incident Victim: Yoshida Kogyo Kabushikikaisha

Date: Jun 2023

Location: United States of America

Summary

YKK Corporation of America was targeted in a cyberattack against its U.S. networks. The company's cybersecurity team contained the threat before significant damage occurred or sensitive information was exfiltrated. The incident did not have a material impact on its operations. The LockBit ransomware gang later claimed responsibility for the attack, posting the company on its data leak site and threatening to release stolen data.


Description

YKK Corporation, a major Japanese manufacturer of zippers and fastening products, confirmed that its U.S. operations were targeted by a cyberattack in the weeks prior to June 2, 2023. The company discovered that its U.S.-based networks were the specific target of the hackers. Upon discovery, the internal cybersecurity team moved to contain the threat. The company stated that this containment was achieved before significant damage was done and before any sensitive information was exfiltrated from its systems. The incident did not have a material impact on the company's operations or its ability to serve its customers, according to a corporate statement.

Jessica Kennett Cork, vice president of corporate communications at YKK Corporation of America, publicly stated that there was no evidence that personal information, financial information, or intellectual property was compromised during the incident. YKK emphasized that it takes cybersecurity seriously and thanked its stakeholders for their continued trust. The corporation, which has over 44,000 employees globally and annual revenue exceeding $6 billion, did not provide specific details about the nature of the cyberattack in its initial confirmation. The company also declined to answer follow-up questions regarding whether a ransom was demanded by the attackers.

On June 2, 2023, the LockBit ransomware operation posted an entry for YKK on its data leak site. This public posting served as a threat to leak data allegedly stolen from YKK if the group's demands were not met by a deadline of June 16. The appearance of YKK on this site connected the incident to one of the world's most prolific ransomware groups. At the time of the posting, LockBit was cited as being responsible for more than double the number of attacks launched by its closest competitors. The group maintained a high pace of attacks throughout 2023, targeting a wide range of entities including churches, bus companies, sheriff's offices, and city governments.

The U.S. Department of Justice had previously noted that the LockBit ransomware group first appeared around January 2020. By the time of the YKK incident, the group was assessed to have been involved in over 1,400 attacks against victims in the United States and elsewhere. The group had issued over $100 million in ransom demands and had received over $75 million in ransom payments from its victims. In a separate incident just prior to the YKK posting, LockBit was responsible for stealing the personal information of nearly nine million people from Managed Care of North America, the largest U.S. dental insurer for government-sponsored Medicaid and Children’s Health Insurance Programs.

YKK’s official statements focused on the successful containment of the incident and the lack of any material impact, drawing a clear distinction between the initial attack and the subsequent ransomware claim. The company’s response highlighted the effectiveness of its internal cybersecurity team in identifying and isolating the threat before data exfiltration or significant damage could occur. The public communication strategy was to reassure customers and stakeholders that operations continued unimpeded and that no sensitive data was lost. The specific technical details of the attack vector, the initial point of entry, the exact systems affected within the U.S. networks, and the methods used for containment were not disclosed by the company. The narrative of the incident is therefore defined by the company’s claim of a contained breach and the external claim by a major ransomware group of successful data acquisition, with the latter being publicly disputed by the victim. The ultimate outcome regarding the LockBit threat to publish data by the June 16 deadline was not detailed in the available reporting from the initial confirmation date.
