Cyber Incident Victim: Morinaga
Date: Mar 2022
Location: Japan
Summary
A Japanese confectionery manufacturer experienced a data breach attributed to a network vulnerability, resulting in unauthorized access to customer information. The company confirmed the exposure of personal data and promptly initiated containment measures, including system shutdowns and forensic investigations. Authorities were notified in compliance with regulatory obligations, and impacted individuals received direct notifications regarding the incident. The organization publicly acknowledged the security failure and committed to implementing enhanced protective controls to prevent future compromises. No operational disruptions occurred despite the unauthorized data access, though the incident prompted a comprehensive review of existing cybersecurity protocols.
Description
On March 13, 2022, Morinaga staff investigating error messages on company-managed servers discovered evidence of unauthorized access, triggering an immediate response. The Japanese confectionery manufacturer determined that attackers had compromised several servers operated by its vendor, likely by exploiting vulnerabilities in internet-connected network devices. This unauthorized access resulted in locked data and impaired segments of Morinaga's internal IT systems, with one affected server handling product deliveries for the Morinaga Direct Store e-commerce platform. The company swiftly terminated external network access following detection and engaged external cybersecurity experts to investigate the breach scope. Morinaga confirmed the incident impacted customers who made purchases between May 1, 2018, and March 13, 2022, though credit card information remained unaffected. While the term "locked" in official statements suggested potential ransomware involvement, this remained unconfirmed through subsequent disclosures. The breach caused operational disruptions affecting certain product supplies, though Morinaga anticipated only minor business performance impacts from the incident.

The investigation revealed that personal data of approximately 1.6 million Morinaga Direct customers was potentially exposed, including names, addresses, telephone numbers, dates of birth, and purchase histories. Fewer than 4,000 instances involved compromised email addresses. Morinaga initiated direct notifications to affected customers despite finding no evidence of fraudulent data misuse at the time of reporting. The company formally reported the breach to Japanese law enforcement and the Personal Information Protection Commission while maintaining ongoing forensic analysis to determine full attack vectors. Internal system restoration efforts proceeded alongside containment measures, though the vendor provided no public update regarding vulnerability remediation or attacker attribution. Morinaga issued public apologies to customers and business partners while emphasizing continued cooperation with authorities through the investigation's conclusion.
