Menu
Browse

Cyber Incident Victim: Nichirei

Date:

Jul 2023

Location:

Japan

Summary

Nichirei confirmed a cyberattack disrupted parts of its frozen-food and logistics operations, with possible exposure of personal information. The company reported system failures, set up an emergency response, and investigated, confirming servers were attacked and some stored personal data, leading to an initial report to the data protection authority. To contain the impact, systems were disconnected, affecting inbound and outbound operations at refrigerated warehouses and frozen-food shipments. After engaging external cybersecurity specialists and implementing security measures, the company plans to gradually resume affected operations. The financial impact is still being assessed, and the company intends to release its quarterly results as scheduled. The company’s recent financial performance showed modest sales and profit growth, and it is shifting its fiscal year-end, resulting in a shortened transition period. Another major Japanese food and drink group experienced a similar cyberattack earlier, affecting domestic production and distribution but not overseas operations.

CIA Posture Motives Tactics, Techniques & Procedures
Available to members 0 motives 0 techniques
Threat Actors Type Location
0 actors Available to members Available to members

Description

Nichirei announced on 13 July 2023 that it had detected system failures on Monday, prompting the establishment of an emergency response headquarters to investigate the cause. The subsequent investigation confirmed that the company’s servers had been subjected to a cyberattack. Nichirei stated that some of the affected servers contained personal information and that it had filed an initial report with Japan’s Personal Information Protection Commission regarding the possibility of a data leak. The company said it would continue its investigation and would promptly report any confirmed leakage to the relevant parties.

Cyber Incident Image

To contain the impact, Nichirei disconnected all systems used across the group on the same day. This action disrupted inbound and outbound operations at the refrigerated warehouses managed by Nichirei Logistics Group and halted frozen‑food shipment operations at Nichirei Foods. After engaging an external cybersecurity specialist to introduce additional security measures, Nichirei indicated that it planned to gradually resume the affected operations starting on 17 July. The firm did not disclose further technical details of the attack to avoid potential further damage.

Nichirei noted that the financial impact of the cyberattack was still under assessment at the time of the statement. It affirmed that it would still release its first‑quarter results for the fiscal year ending 31 December 2026 on 7 August as previously scheduled. For the fiscal year ended 31 March 2026, the company reported net sales of Y716.14 billion ($4.41 billion), operating profit of Y38.99 billion, and profit attributable to owners of parent of Y27.33 billion. Nichirei also mentioned that it is shifting its year‑end from March to December, making the period to 31 December 2026 a nine‑month transition year, and referenced that a similar cyberattack had occurred at Asahi in September of the previous year, affecting only its domestic Japanese operations.

Sources
Sources available to members
1 source