Cyber Incident Victim: Taiwan Kadokawa Co.
Date:
Jun 2021
Location:
Taiwan
Summary
Taiwan Kadokawa experienced a ransomware attack resulting in unauthorized server access, leading to immediate system shutdowns and website suspension to limit damage. The breach potentially exposed personal and corporate information, though credit card data remained unaffected as it was not stored. The company engaged law enforcement for investigation and warned customers of possible phishing risks due to compromised data. Operational disruptions affected order processing until security verification allowed service restoration.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
On June 3, 2021, Taiwan Kadokawa Co., Ltd. detected unauthorized external access to its servers through a ransomware attack. The company promptly initiated containment measures by shutting down all potentially compromised servers and computers, disconnecting them from the network to prevent further damage. Service for the official website was suspended pending a full security assessment. Preliminary investigations indicated that personal and corporate information stored on the affected servers may have been compromised, though the company confirmed no credit card data was involved due to its policy of not retaining such information. The encrypted member database passwords remained intact, but Taiwan Kadokawa acknowledged the possibility of data theft could not be entirely eliminated. Impact analysis confirmed the attack was confined to the company's own infrastructure, with no evidence of compromise to affiliated companies' servers or networks. Law enforcement and relevant authorities were immediately notified, with the company pledging full cooperation in the criminal investigation.
Taiwan Kadokawa issued public notifications advising customers to remain vigilant against potential phishing attempts via suspicious emails, calls, or text messages, specifically warning about fraudulent scenarios involving fake customer service representatives requesting financial information or ATM operations. Customer inquiries were directed to a dedicated service email address and official fan club channels. The website suspension disrupted order processing and limited-edition pre-orders, with revised shipping timelines to be announced separately. Operations would resume only after comprehensive system security verification to eliminate recurrence risks. No ransomware group was identified in the public disclosure, and the company committed to providing further updates through its website as the investigation progressed. Internal damage assessments continued alongside law enforcement coordination to determine the full scope of data exposure and attack methodology.