Cyber Incident Victim: Hokusen Co.

Hokusen Co., Ltd. discovered unauthorized third-party access to its systems potentially compromising the personal information of 44,559 customers. The breach was traced to SQL injection attacks that enabled threat actors to exfiltrate sensitive customer data. Compromised information included email addresses, passwords, names, physical addresses, dates of birth, gender classifications, phone numbers, and account credentials. The company confirmed the intrusion pathway and data exposure scope through internal forensic analysis. While the exact intrusion timeline remains unspecified, Hokusen formally reported the incident to relevant Japanese government ministries and regulatory organizations on January 20, 2022. The breach represented a significant compromise of customer privacy given the breadth of exposed personally identifiable information and authentication credentials.

On May 16, 2022, Hokusen publicly disclosed the breach through an official notice detailing both the incident and remediation efforts. The company immediately implemented technical countermeasures specifically targeting SQL injection vulnerabilities that facilitated the attack. A third-party research organization was engaged to conduct an independent investigation, with findings expected to inform future security enhancements. Hokusen committed to strengthening system security protocols and expanding monitoring capabilities to prevent recurrence. No evidence suggested ongoing unauthorized access following containment measures. The disclosure emphasized organizational accountability while omitting specifics regarding customer notifications, regulatory penalties, or financial impacts stemming from the incident.