Cyber Incident Victim: Daiwa House Group subsidiary
Date:
Apr 2021
Location:
Japan
Summary
A Daiwa House Group subsidiary experienced unauthorized server access resulting in a ransomware incident affecting membership management systems across multiple locations. The attack compromised data for over 50,000 members—including names, contact details, and financial information for approximately 35,000 individuals—alongside limited employee records. While the ransomware variant was assessed as non-exfiltrating, the organization engaged external researchers to monitor potential data leaks and established a dedicated call center for incident inquiries. No ransom demands were received, and no secondary misuse of information or public disclosures were confirmed at the time of reporting, though ongoing investigations continued to assess potential impacts.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
On April 2, 2021, Sports Club NAS, a subsidiary of Daiwa House Group, experienced unauthorized external access to its server, resulting in a system failure affecting membership management operations across nine of its sports club locations. The incident disrupted normal business operations, prompting an immediate internal investigation alongside external cybersecurity experts. The company identified the intrusion as a ransomware attack but clarified that the specific variant involved was not designed to exfiltrate data. No ransom demand was received by the organization. Sports Club NAS delayed public disclosure until May 18, 2021, citing the time required for system recovery, forensic analysis, and assessment of potential data exposure. The server contained sensitive information for 50,084 members, including names, addresses, dates of birth, gender, telephone numbers, member numbers, email addresses, emergency contacts, and employment details. Of these individuals, 34,920 had credit card or bank account information stored. Employee data for 60 personnel—limited to names and birthdates—was also present on the compromised system.
The company implemented containment measures by isolating affected systems and engaged a third-party research firm to monitor dark web forums and leak sites for any dissemination of stolen data. As of the May 18 disclosure, no evidence confirmed data leakage or secondary misuse, though Sports Club NAS established a dedicated call center to field customer inquiries and monitor for suspicious activity. Continuous external monitoring remained ongoing, with a commitment to issue follow-up notifications if future leaks were confirmed. Impacted individuals received advisories to report phishing attempts or fraudulent communications. Neither Sports Club NAS nor DataBreaches.net observed the compromised data on ransomware leak sites during subsequent checks. The incident caused operational disruption during system restoration but resulted in no confirmed financial fraud or identity theft cases directly attributable to the breach at the time of reporting.