Cyber Incident Victim: Denso

On March 10, 2022, automotive component supplier Denso detected unauthorized third-party access to its network in Germany, prompting immediate disconnection of the affected systems. The company, a global supplier to major manufacturers including Toyota, Honda, General Motors, and Ford, confirmed the breach four days later on March 14. Denso stated the intrusion was isolated to its German operations with no impact on other facilities, production plants, or manufacturing schedules. Forensic experts were engaged to investigate the incident, and local authorities were notified. The company publicly apologized for concerns caused by the breach and committed to strengthening security measures to prevent recurrence. At the time of confirmation, Denso had not disclosed specific technical details about the attack vector or the full scope of compromised systems.

The Pandora ransomware group claimed responsibility for the attack, listing Denso on its data leak site and alleging theft of 1.4 terabytes of data. Samples published on the leak site included a redacted purchase order, technical component documentation, and sales files, indicating exfiltration of operational and commercial records. Pandora’s tactics aligned with standard ransomware operations involving data theft and encryption, with leak threats serving as leverage for extortion. Denso did not confirm whether ransomware was deployed or if data encryption occurred. The company’s public statements emphasized containment of the breach to German networks and maintained no disruption to its $44.6 billion global operations. No customer or supply chain impacts were reported, and Denso did not disclose whether negotiations with threat actors occurred or whether data disclosures followed the initial claim.