Incidents - The Cyber Security Incident Database (CSIDB)

Advanced Search
Apr 2025	萬海航運股份有限公司	Taiwan	The victim's information website experienced a cyberattack, prompting immediate isolation of the affected system and engagement of external cybersecurity experts for remediation. The incident was reported to relevant authorities, resulting in a temporary service outage for the website. No significant impact on company operations, information security, or personal data was reported. The organization plans to enhance security controls for its network and information infrastructure.
Feb 2022	総合大雄会病院 (Daiyukai General Hospital)	Japan	A healthcare organization experienced a malware infection involving Emotet-type viruses on some internal computers, leading to unauthorized emails impersonating legitimate departments or staff. The compromise resulted in the leakage of historical email correspondence and stored address data, which facilitated fraudulent communications to external parties. The institution responded by disinfecting affected devices using security software, collaborating with internet providers for log analysis, and strengthening email server protections. Ongoing efforts included quarantining potentially compromised systems to contain further data exposure. Recipients of suspicious messages were advised to verify sender addresses and avoid interacting with attachments or links.
Jan 2022	積水ハウス株式会社	Japan	A cybersecurity incident involving Sekisui House Co., Ltd. stemmed from Emotet malware infections affecting some group computers, enabling fraudulent emails impersonating employees to be sent to external contacts. The spoofed messages displayed legitimate employee names but originated from non-corporate email domains, with attachments or embedded links posing risks of further malware infections or unauthorized access if opened. The company acknowledged the disruption caused, confirmed blocking suspicious emails as part of existing security measures, and committed to strengthening information security protocols to prevent recurrence.
Jan 2022	秋葉山公園県民水泳場	Japan	The Akibayama Park Prefectural Swimming Pool experienced a cybersecurity incident involving unauthorized emails impersonating the facility, which were sent to customers who had previously communicated with the establishment. This breach occurred multiple times, linked to a virus affecting their systems, prompting investigations and public notifications to warn patrons about the suspicious communications. The incident caused operational disruptions and customer concerns, leading to formal apologies from management for the inconvenience and potential risks posed by the fraudulent messages.
Feb 2022	社保乜商社保ルールド	Japan	A company's internal computers were infected by the Emotet malware, enabling attackers to distribute fraudulent emails impersonating its employees. These messages displayed legitimate employee names but used non-corporate email domains, often containing password-protected ZIP attachments or malicious URLs in the body. Opening such attachments or clicking links risked further malware infections or unauthorized system access. The incident prompted warnings about verifying sender addresses and avoiding interaction with suspicious messages.
Apr 2025	株式会社近鉄エクスプレス	Japan	株式会社近鉄エクスプレス disclosed that a ransomware attack led to unauthorized access and a server failure that disrupted parts of its logistics operations. The company activated an emergency response team, engaged external forensic experts, and notified Japanese police while working to restore affected systems. Service remains limited in some regions, with email communications continuing, and the firm continues to provide updates as recovery efforts proceed.
Jan 2025	株式会社快活フロンティア	Japan	A cybersecurity incident at 快活フロンティア involved unauthorized external access to its servers, potentially compromising personal information of club members, provisional members, and fitness service users. The breach was detected when suspicious activity prompted immediate network isolation and subsequent investigations with external experts. Exposed data included names, addresses, phone numbers, birthdates, membership details, and point balances, but excluded sensitive information like passwords, payment details, or identity documents. Following containment, the company notified affected individuals via email and post, reported to regulatory authorities, and temporarily restricted member app access. Remedial actions included patching vulnerabilities, deploying enhanced security software, strengthening access monitoring, and implementing multi-layered defenses to prevent recurrence. No evidence of actual data misuse or secondary harm was confirmed during the investigation period.
Feb 2022	株式会社丸山製作所	Japan	A Maruyama Manufacturing employee's computer was infected by Emotet malware, resulting in the theft of email data including internal and external contact names, email addresses, and message subjects. Attackers subsequently sent fraudulent emails impersonating company personnel, containing malware-laden encrypted ZIP attachments that risked further infections or unauthorized access if opened. The compromised information led to widespread impersonation attempts targeting clients and partners, with the company confirming data exfiltration and urging recipients to verify sender domains matching its official "@maruyama.co.jp" addresses. The organization initiated an investigation to prevent secondary damage while committing to strengthened cybersecurity measures following the incident.
Jun 2023	株式会社上條器械店	Japan	A cybersecurity incident involving Kamijo involved the detection of unauthorized external access to the company's network. In response, the organization promptly disconnected affected servers and severed network connections to contain the impact. An investigation is underway with external experts to determine the cause and assess any potential data breach. The company has apologized for the concern caused and has established a dedicated contact channel for affected parties.


May 2025	株式会社ホスピタルサービス	Japan	Hospital Service Co. experienced unauthorized external access resulting in ransomware infection on its network. The company promptly implemented containment measures, including isolating affected servers and disrupting network segments to prevent further spread. An external expert-assisted response team is actively investigating the incident and working on restoration. While ordering systems and logistics operations are gradually recovering, the investigation into potential personal information compromise continues with no confirmed data breach identified thus far.
May 2025	株式会社トーモク	Japan	株式会社トーモク reported that a ransomware attack encrypted several of its servers, disrupting the online ordering system while other services remained operational. The company stated that fax and email ordering, as well as its website and email infrastructure, continued to function normally, allowing production to proceed without interruption. Investigations into the full scope of the incident are ongoing, with external specialists and law enforcement assisting in containment and recovery efforts. Full restoration of the affected systems is expected to take additional time.
Dec 2022	株式会社タカミヤ	Viet Nam	The company experienced unauthorized server access and a ransomware attack by the LockBit group, originating from its Vietnam branch, leading to encrypted files and potential data exposure. Customer information containing personal data and employee details across the group were identified as compromised, though three subsidiaries confirmed no personal data leaks. Upon detecting system disruptions, the organization established a response team, initiated recovery efforts, engaged external cybersecurity experts, and reported the incident to regulatory authorities and law enforcement. Attackers later listed the company on a leak site, prompting dark web monitoring and forensic investigations to determine the full scope of impacted data and intrusion methods.
Nov 2022	株式会社 KKS（株式会社ケイ・ケイ・エス）/ KKS LTD.	Japan	A Japanese company experienced unauthorized server access resulting in potential exposure of customer personal information, including names, company details, contact information, and order histories. The intrusion involved ransomware ("LOCKBIT2.0") that encrypted internal data, with attackers exploiting security vulnerabilities in internet-facing systems. While forensic investigations found no evidence of data exfiltration or subsequent misuse, the organization acknowledged an inability to definitively rule out information leakage. Response measures included immediate network isolation, collaboration with cybersecurity experts, server restoration from backups, and implementation of enhanced protections like upgraded antivirus software, access monitoring systems, and certificate-based external access controls. Authorities and affected individuals were notified following the investigation.
Jun 2024	株式会社KADOKAWA	Japan	KADOKAWA experienced a cybersecurity incident involving unauthorized external access to its group servers, causing widespread service disruptions across multiple websites including Nico Nico Services, its official corporate site, and the Ebten platform. The company promptly shut down affected systems to preserve data integrity and initiated internal investigations confirming a likely cyberattack. While assessing potential data breaches, the organization is collaborating with external cybersecurity experts and law enforcement to determine the full scope of impact and restore operations, with updates promised as new information emerges.
Apr 2025	東海大学	Japan	東海大学 announced that its network servers had been subjected to unauthorized access and infected with ransomware, causing email and educational systems to become unavailable at the Shizuoka campus and other locations. The infection affected ten affiliated institutions and campuses, leading to the suspension of some classes. University officials established a response headquarters at the Shonan campus, isolated the compromised servers, and began recovery work while police cyber investigators examined the Shizuoka campus. The network link between the Shizuoka and Shonan campuses was severed to prevent further spread, and the presence of the virus on other systems remained under verification. Electronic bulletin boards were installed on campus to inform students, and staff were occupied with the response efforts.
Apr 2022	明光トレーディング株式会社	Japan	Meiko Trading Co. experienced a server compromise resulting in unauthorized external access to internal systems, prompting an immediate investigation with external experts. The incident caused operational disruptions and potential exposure of sensitive information, leading to coordinated containment measures and system restoration efforts. Security enhancements were implemented following forensic analysis to prevent recurrence.
Mar 2025	日鉄ソリューションズ株式会社	Japan	Nippon Steel Solutions disclosed that its systems were accessed without authorization, resulting in the exposure of certain data. The company is currently investigating the breach, determining the scope of the impact, and has notified relevant authorities. Efforts are underway to secure the affected systems and prevent recurrence. The company stated that there is a possibility that some personal information of employees and customers was exposed, and certain online services were temporarily suspended. The company has engaged external cybersecurity experts to assist with the investigation and remediation.
Nov 2023	日本航空電子工業株式会社	Japan	Japan Aviation Electronics Industry suffered a ransomware attack by the BlackCat/ALPHV group involving unauthorized access to multiple servers. The company temporarily took its website offline in response and disabled certain unspecified systems to contain the incident. While recovery efforts are ongoing, no evidence of data exfiltration has been identified. The attackers publicly claimed responsibility for the breach, which follows similar recent targeting of other organizations by the same group.
Jan 2025	日本気象協会	Japan	A Japan-based weather organization experienced significant service disruptions due to distributed denial-of-service attacks targeting its website and mobile application, with two separate incidents causing outages exceeding seven and nine hours respectively. These attacks formed part of a broader campaign impacting at least 46 Japanese entities including financial institutions and aviation services, utilizing malware-infected IoT devices like cameras and home appliances to overwhelm networks. Security analysts identified botnet coordination through compromised IP addresses, noting parallel attack patterns in Western nations while acknowledging potential simultaneous operations by multiple threat actors.
Sep 2023	彰化縣肉品市場股份有限公司	Taiwan	A cyberattack disabled the computer system of Changhua County Meat Market, encrypting files and displaying a ransom demand, which forced the suspension of auctions and prevented over 1,000 pigs from being processed. The company's operations were restored the following day after repairs, with no prior issues reported in the system developed by Academia Sinica. This marked the first closure due to a cyber incident affecting the auction infrastructure.
Advanced Search

Apr 2025

Taiwan

The victim's information website experienced a cyberattack, prompting immediate isolation of the affected system and engagement of external cybersecurity experts for remediation. The incident was reported to relevant authorities, resulting in a temporary service outage for the website. No significant impact on company operations, information security, or personal data was reported. The organization plans to enhance security controls for its network and information infrastructure.

Feb 2022

総合大雄会病院 (Daiyukai General Hospital)

Japan

A healthcare organization experienced a malware infection involving Emotet-type viruses on some internal computers, leading to unauthorized emails impersonating legitimate departments or staff. The compromise resulted in the leakage of historical email correspondence and stored address data, which facilitated fraudulent communications to external parties. The institution responded by disinfecting affected devices using security software, collaborating with internet providers for log analysis, and strengthening email server protections. Ongoing efforts included quarantining potentially compromised systems to contain further data exposure. Recipients of suspicious messages were advised to verify sender addresses and avoid interacting with attachments or links.

Jan 2022

積水ハウス株式会社

Japan

A cybersecurity incident involving Sekisui House Co., Ltd. stemmed from Emotet malware infections affecting some group computers, enabling fraudulent emails impersonating employees to be sent to external contacts. The spoofed messages displayed legitimate employee names but originated from non-corporate email domains, with attachments or embedded links posing risks of further malware infections or unauthorized access if opened. The company acknowledged the disruption caused, confirmed blocking suspicious emails as part of existing security measures, and committed to strengthening information security protocols to prevent recurrence.

Jan 2022

秋葉山公園県民水泳場

Japan

The Akibayama Park Prefectural Swimming Pool experienced a cybersecurity incident involving unauthorized emails impersonating the facility, which were sent to customers who had previously communicated with the establishment. This breach occurred multiple times, linked to a virus affecting their systems, prompting investigations and public notifications to warn patrons about the suspicious communications. The incident caused operational disruptions and customer concerns, leading to formal apologies from management for the inconvenience and potential risks posed by the fraudulent messages.

Feb 2022

社保乜商社保ルールド

Japan

A company's internal computers were infected by the Emotet malware, enabling attackers to distribute fraudulent emails impersonating its employees. These messages displayed legitimate employee names but used non-corporate email domains, often containing password-protected ZIP attachments or malicious URLs in the body. Opening such attachments or clicking links risked further malware infections or unauthorized system access. The incident prompted warnings about verifying sender addresses and avoiding interaction with suspicious messages.

Apr 2025

株式会社近鉄エクスプレス

Japan

株式会社近鉄エクスプレス disclosed that a ransomware attack led to unauthorized access and a server failure that disrupted parts of its logistics operations. The company activated an emergency response team, engaged external forensic experts, and notified Japanese police while working to restore affected systems. Service remains limited in some regions, with email communications continuing, and the firm continues to provide updates as recovery efforts proceed.

Jan 2025

株式会社快活フロンティア

Japan

A cybersecurity incident at 快活フロンティア involved unauthorized external access to its servers, potentially compromising personal information of club members, provisional members, and fitness service users. The breach was detected when suspicious activity prompted immediate network isolation and subsequent investigations with external experts. Exposed data included names, addresses, phone numbers, birthdates, membership details, and point balances, but excluded sensitive information like passwords, payment details, or identity documents. Following containment, the company notified affected individuals via email and post, reported to regulatory authorities, and temporarily restricted member app access. Remedial actions included patching vulnerabilities, deploying enhanced security software, strengthening access monitoring, and implementing multi-layered defenses to prevent recurrence. No evidence of actual data misuse or secondary harm was confirmed during the investigation period.

Feb 2022

株式会社丸山製作所

Japan

A Maruyama Manufacturing employee's computer was infected by Emotet malware, resulting in the theft of email data including internal and external contact names, email addresses, and message subjects. Attackers subsequently sent fraudulent emails impersonating company personnel, containing malware-laden encrypted ZIP attachments that risked further infections or unauthorized access if opened. The compromised information led to widespread impersonation attempts targeting clients and partners, with the company confirming data exfiltration and urging recipients to verify sender domains matching its official "@maruyama.co.jp" addresses. The organization initiated an investigation to prevent secondary damage while committing to strengthened cybersecurity measures following the incident.

Jun 2023

株式会社上條器械店

Japan

A cybersecurity incident involving Kamijo involved the detection of unauthorized external access to the company's network. In response, the organization promptly disconnected affected servers and severed network connections to contain the impact. An investigation is underway with external experts to determine the cause and assess any potential data breach. The company has apologized for the concern caused and has established a dedicated contact channel for affected parties.

May 2025

株式会社ホスピタルサービス

Japan

Hospital Service Co. experienced unauthorized external access resulting in ransomware infection on its network. The company promptly implemented containment measures, including isolating affected servers and disrupting network segments to prevent further spread. An external expert-assisted response team is actively investigating the incident and working on restoration. While ordering systems and logistics operations are gradually recovering, the investigation into potential personal information compromise continues with no confirmed data breach identified thus far.

May 2025

株式会社トーモク

Japan

株式会社トーモク reported that a ransomware attack encrypted several of its servers, disrupting the online ordering system while other services remained operational. The company stated that fax and email ordering, as well as its website and email infrastructure, continued to function normally, allowing production to proceed without interruption. Investigations into the full scope of the incident are ongoing, with external specialists and law enforcement assisting in containment and recovery efforts. Full restoration of the affected systems is expected to take additional time.

Dec 2022

株式会社タカミヤ

Viet Nam

The company experienced unauthorized server access and a ransomware attack by the LockBit group, originating from its Vietnam branch, leading to encrypted files and potential data exposure. Customer information containing personal data and employee details across the group were identified as compromised, though three subsidiaries confirmed no personal data leaks. Upon detecting system disruptions, the organization established a response team, initiated recovery efforts, engaged external cybersecurity experts, and reported the incident to regulatory authorities and law enforcement. Attackers later listed the company on a leak site, prompting dark web monitoring and forensic investigations to determine the full scope of impacted data and intrusion methods.

Nov 2022

株式会社 KKS（株式会社ケイ・ケイ・エス）/ KKS LTD.

Japan

A Japanese company experienced unauthorized server access resulting in potential exposure of customer personal information, including names, company details, contact information, and order histories. The intrusion involved ransomware ("LOCKBIT2.0") that encrypted internal data, with attackers exploiting security vulnerabilities in internet-facing systems. While forensic investigations found no evidence of data exfiltration or subsequent misuse, the organization acknowledged an inability to definitively rule out information leakage. Response measures included immediate network isolation, collaboration with cybersecurity experts, server restoration from backups, and implementation of enhanced protections like upgraded antivirus software, access monitoring systems, and certificate-based external access controls. Authorities and affected individuals were notified following the investigation.

Jun 2024

株式会社KADOKAWA

Japan

KADOKAWA experienced a cybersecurity incident involving unauthorized external access to its group servers, causing widespread service disruptions across multiple websites including Nico Nico Services, its official corporate site, and the Ebten platform. The company promptly shut down affected systems to preserve data integrity and initiated internal investigations confirming a likely cyberattack. While assessing potential data breaches, the organization is collaborating with external cybersecurity experts and law enforcement to determine the full scope of impact and restore operations, with updates promised as new information emerges.

Apr 2025

東海大学

Japan

東海大学 announced that its network servers had been subjected to unauthorized access and infected with ransomware, causing email and educational systems to become unavailable at the Shizuoka campus and other locations. The infection affected ten affiliated institutions and campuses, leading to the suspension of some classes. University officials established a response headquarters at the Shonan campus, isolated the compromised servers, and began recovery work while police cyber investigators examined the Shizuoka campus. The network link between the Shizuoka and Shonan campuses was severed to prevent further spread, and the presence of the virus on other systems remained under verification. Electronic bulletin boards were installed on campus to inform students, and staff were occupied with the response efforts.

Apr 2022

明光トレーディング株式会社

Japan

Meiko Trading Co. experienced a server compromise resulting in unauthorized external access to internal systems, prompting an immediate investigation with external experts. The incident caused operational disruptions and potential exposure of sensitive information, leading to coordinated containment measures and system restoration efforts. Security enhancements were implemented following forensic analysis to prevent recurrence.

Mar 2025

日鉄ソリューションズ株式会社

Japan

Nippon Steel Solutions disclosed that its systems were accessed without authorization, resulting in the exposure of certain data. The company is currently investigating the breach, determining the scope of the impact, and has notified relevant authorities. Efforts are underway to secure the affected systems and prevent recurrence. The company stated that there is a possibility that some personal information of employees and customers was exposed, and certain online services were temporarily suspended. The company has engaged external cybersecurity experts to assist with the investigation and remediation.

Nov 2023

日本航空電子工業株式会社

Japan

Japan Aviation Electronics Industry suffered a ransomware attack by the BlackCat/ALPHV group involving unauthorized access to multiple servers. The company temporarily took its website offline in response and disabled certain unspecified systems to contain the incident. While recovery efforts are ongoing, no evidence of data exfiltration has been identified. The attackers publicly claimed responsibility for the breach, which follows similar recent targeting of other organizations by the same group.

Jan 2025

日本気象協会

Japan

A Japan-based weather organization experienced significant service disruptions due to distributed denial-of-service attacks targeting its website and mobile application, with two separate incidents causing outages exceeding seven and nine hours respectively. These attacks formed part of a broader campaign impacting at least 46 Japanese entities including financial institutions and aviation services, utilizing malware-infected IoT devices like cameras and home appliances to overwhelm networks. Security analysts identified botnet coordination through compromised IP addresses, noting parallel attack patterns in Western nations while acknowledging potential simultaneous operations by multiple threat actors.

Sep 2023

彰化縣肉品市場股份有限公司

Taiwan

A cyberattack disabled the computer system of Changhua County Meat Market, encrypting files and displaying a ransom demand, which forced the suspension of auctions and prevented over 1,000 pigs from being processed. The company's operations were restored the following day after repairs, with no prior issues reported in the system developed by Academia Sinica. This marked the first closure due to a cyber incident affecting the auction infrastructure.

Menu