Cyber Incident Victim: Honda

Honda Motor Co experienced a ransomware incident linked to the global WannaCry outbreak in May 2017. The company discovered the virus in its computer network on Sunday, May 14, leading to an immediate one-day production halt at its Sayama vehicle assembly plant northwest of Tokyo the following Monday. This facility manufactured models including the Accord sedan, Odyssey Minivan, and Step Wagon compact multipurpose vehicle, with an approximate daily production capacity of 1,000 vehicles. The cyber intrusion affected Honda's networks across multiple geographic regions including Japan, North America, Europe, and China. Despite the widespread network infection, the operational impact remained confined to the Sayama plant, with no production disruptions reported at Honda's other global manufacturing facilities. Regular operations resumed at Sayama on Tuesday after containment measures were implemented.

The incident occurred despite Honda's cybersecurity efforts initiated in mid-May during the initial wave of WannaCry attacks that had previously disrupted organizations worldwide. This marked at least the second wave of WannaCry-related disruptions in the automotive sector, following earlier infections that forced production stoppages at Renault-Nissan alliance plants in Japan, Britain, France, Romania, and India during May's initial outbreak. While the global spread of WannaCry had slowed by mid-May, security experts contemporaneously warned that new variants of the ransomware could emerge. Honda's response demonstrated the persistent vulnerability of industrial control systems to network-borne threats even after initial mitigation attempts, though the company prevented cascading production failures beyond the single affected facility. The event highlighted the transnational operational risks posed by cyber threats to globally distributed manufacturing enterprises.