Cyber Incident Victim: Eisai Co., Ltd.
Date: Jun 2023
Location: Japan
Summary
The pharmaceutical firm Eisai Co., Ltd. experienced a ransomware attack that encrypted a number of its servers. In response, the company took certain systems offline, including logistics operations, though its websites and email remained functional. A task force was established to lead recovery efforts with external experts, and law enforcement was consulted. The possibility of data leakage and the financial impact on the company are under investigation.
Description
On June 3, 2023, late at night Japan time, Eisai Co., Ltd. detected a ransomware incident that had encrypted some of the Eisai Group’s servers. The company immediately implemented its pre-established incident response plan upon discovery. An investigation was launched with the aid of external cybersecurity partners to understand the nature and scope of the attack. A company-wide task force was swiftly convened to manage the response procedures and coordinate recovery efforts across the organization. As part of its initial response, Eisai Group also consulted with law enforcement agencies to report the incident.

The primary impact of the ransomware attack was the encryption of servers, which necessitated taking certain systems offline to contain the threat and prevent further spread. Systems affected included those both inside and outside of Japan. Specifically, logistics systems were taken offline as a direct result of the incident and the ongoing response process. In contrast, the corporate websites and email systems remained operational throughout the event, allowing for continued external communication. The company acknowledged that the forced shutdown of these critical systems, particularly logistics, had the potential to cause operational disruptions.

A key aspect of the investigation focused on determining whether any data was exfiltrated during the incident. The possibility of data leakage was confirmed to be under careful examination by the company and its external experts. Eisai Group stated that whilst it was expected to take some time to gauge the full extent of the incident, understanding the scope of any potential data breach was a priority. The company did not initially confirm whether any specific types of data, such as intellectual property or personal information, were accessed or stolen.

Eisai Group’s response was characterized by a coordinated effort between its internal task force and external cybersecurity experts. The company worked closely with these advisors to protect its systems and work towards a successful recovery. The focus was on efforts to decrypt and restore the encrypted servers and to bring the offline systems back online in a secure manner. The engagement with law enforcement remained an active part of the response strategy, although no specific details regarding which agencies were contacted were provided in the public statements.

The incident had tangible consequences for the company's operations. Taking the logistics systems offline indicated a disruption to the supply chain and distribution networks, which are critical for a pharmaceutical company. Eisai publicly apologized for any inconvenience and worry caused to its partners and stakeholders due to these disruptions. Furthermore, the company initiated a careful examination of the potential impact of this incident on its consolidated earnings forecast for the fiscal year. It committed to making a public announcement if revisions to the forecast were deemed necessary as a result of the attack.

As of June 6, 2023, when the company issued its official notification, recovery efforts were ongoing. The full extent of the incident was not yet known, and the investigation into the attack's specifics continued. The company reiterated its commitment to minimizing inconvenience and to providing updates as more information became available. The public relations department was designated as the sole media contact for matters relating to the incident, centralizing communications. The narrative provided by Eisai emphasized a structured response but did not disclose the identity of the ransomware group responsible, the initial attack vector, or the specific ransom demands, if any were made.
