Cyber Incident Victim: 積水ハウス株式会社
Date: Jan 2022
Location: Japan
Summary
A cybersecurity incident involving Sekisui House Co., Ltd. stemmed from Emotet malware infections affecting some group computers, enabling fraudulent emails impersonating employees to be sent to external contacts. The spoofed messages displayed legitimate employee names but originated from non-corporate email domains, with attachments or embedded links posing risks of further malware infections or unauthorized access if opened. The company acknowledged the disruption caused, confirmed blocking suspicious emails as part of existing security measures, and committed to strengthening information security protocols to prevent recurrence.
Description
In early January 2022, Sekisui House Group confirmed a cybersecurity incident involving Emotet malware infections affecting a subset of its corporate computers. The compromise enabled threat actors to send fraudulent emails impersonating Sekisui House Group employees to multiple external parties who had previously corresponded with the company. These spoofed messages displayed legitimate employee names in sender fields but originated from non-company email domains distinct from Sekisui House's official sekisuihouse.co.jp addresses. The malicious emails contained attachments in Microsoft Office formats (Excel and Word) and embedded hyperlinks designed to propagate malware or enable unauthorized system access if activated. The company publicly acknowledged the incident on January 28, 2022, issuing apologies for the inconvenience and anxiety caused to customers and business partners affected by the campaign.

Sekisui House responded by implementing measures to block suspicious emails across its systems while reinforcing existing antivirus protections. The organization emphasized ongoing efforts to enhance information security protocols following the breach, though specific technical containment procedures remained undisclosed. No evidence suggested systemic data exfiltration or operational disruption beyond the email-based threat vector. The primary documented impact involved reputational harm and trust erosion stemming from the impersonation campaign, necessitating public advisories about identifying spoofed communications. Recovery efforts focused on preventing further propagation through user awareness directives urging recipients to delete suspicious messages unopened rather than interacting with attachments or links. The company committed to strengthening defensive controls against similar threats without detailing specific security upgrades or forensic findings.
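The spoofing pattern described above (a genuine employee name in the display field, a sending domain the company does not own, and an Office attachment or a link in the body) is what a mail gateway rule or a SOC triage script would key on. The following Python is an added example, not code from the advisory or from Sekisui House; the employee directory, sender addresses and sample messages are constructed, and sekisuihouse.co.jp is the only value taken from the page.

```python
from email.message import EmailMessage
from email.utils import parseaddr
import re

CORPORATE_DOMAIN = "sekisuihouse.co.jp"  # the company's official domain, from the advisory
# Constructed directory of employee display names (hypothetical, not real staff).
KNOWN_EMPLOYEES = {"Sekisui Taro", "Yamada Hanako"}
OFFICE_EXTENSIONS = (".xls", ".xlsx", ".xlsm", ".doc", ".docx", ".docm")
URL_RE = re.compile(r"https?://\S+", re.IGNORECASE)


def analyse(msg):
    """Return the indicators found in one message (empty list = nothing flagged)."""
    findings = []
    display_name, address = parseaddr(msg.get("From", ""))
    domain = address.rpartition("@")[2].lower()
    # Core pattern of the incident: a real employee name in the display field,
    # while the actual address sits on a domain the company does not own.
    if display_name in KNOWN_EMPLOYEES and domain != CORPORATE_DOMAIN:
        findings.append(f"display-name impersonation via {domain}")
    # Office documents were the attachment types seen in the campaign.
    for part in msg.iter_attachments():
        filename = (part.get_filename() or "").lower()
        if filename.endswith(OFFICE_EXTENSIONS):
            findings.append(f"office attachment {filename}")
    # Embedded hyperlinks were the other delivery path named in the advisory.
    body = msg.get_body(preferencelist=("plain",))
    if body is not None and URL_RE.search(body.get_content()):
        findings.append("embedded link in body")
    return findings


def build_sample(sender, body, attachment=""):
    """Construct a test message in memory (sample data, not a captured email)."""
    msg = EmailMessage()
    msg["From"] = sender
    msg["To"] = "partner@example.com"  # constructed recipient
    msg["Subject"] = "Re: quotation"
    msg.set_content(body)
    if attachment:
        msg.add_attachment(b"\x00" * 16, maintype="application",
                           subtype="octet-stream", filename=attachment)
    return msg


# Constructed samples: one matching the reported pattern, one legitimate.
SPOOFED = build_sample('"Sekisui Taro" <sekisui.taro@attacker-mail.example>',
                       "Please review: http://attacker-mail.example/invoice",
                       "invoice_0128.xlsm")
LEGITIMATE = build_sample('"Sekisui Taro" <sekisui.taro@sekisuihouse.co.jp>',
                          "Thanks, the figures look fine.")
```

Running `analyse(SPOOFED)` yields three findings and `analyse(LEGITIMATE)` none; in a gateway the display-name check alone is the highest-signal rule, since it fires before any attachment is opened.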
