Nikkei

Japanese media conglomerate **Nikkei** suffered a cyber breach after hackers exploited malware on an employee’s device to steal login credentials and gain unauthorized access to its internal **Slack communication system**. The incident, discovered in September but disclosed in late November, exposed the **names, email addresses, and chat histories** of over **17,300 users**, including employees and business partners. While no journalistic sources or reporting-related data were compromised, the breach highlights vulnerabilities in internal communication platforms. Nikkei, which owns the *Financial Times* and operates globally with 3,000+ employees, reported the incident to Japanese authorities despite the leaked data not being legally classified as 'personal information' under local laws. The company emphasized plans to **strengthen personal information management** to prevent recurrence. This follows a **2022 ransomware attack** on Nikkei’s Singapore headquarters, underscoring a pattern of cyber threats targeting media organizations.

Source: https://therecord.media/japan-nikkei-slack-breach

TPRM report: https://www.rankiteo.com/company/nikkei

"id": "nik3992039110525",
"linkid": "nikkei",
"type": "Breach",
"date": "6/2022",
"severity": "60",
"impact": "3",
"explanation": "Attack with significant impact with internal employee data leaks"

{'affected_entities': [{'customers_affected': '17,300+ (Slack users including '
                                              'employees and business '
                                              'partners)',
                        'industry': 'Media/Publishing',
                        'location': 'Japan (global operations, including 37 '
                                    'overseas editorial bureaus)',
                        'name': 'Nikkei Inc.',
                        'size': '3,000+ employees',
                        'type': 'Media Conglomerate'}],
 'attack_vector': "Malware infection on employee's computer leading to "
                  'credential theft',
 'data_breach': {'data_exfiltration': True,
                 'file_types_exposed': ['Slack messages/logs'],
                 'number_of_records_exposed': '17,300+',
                 'personally_identifiable_information': ['Names',
                                                         'Email addresses'],
                 'sensitivity_of_data': 'Moderate (business communications, no '
                                        'journalistic sources or financial '
                                        'data confirmed)',
                 'type_of_data_compromised': ['Names',
                                              'Email addresses',
                                              'Chat histories']},
 'date_detected': '2023-09',
 'date_publicly_disclosed': '2023-10-17',
 'description': 'Japanese media giant Nikkei reported that hackers gained '
                'unauthorized access to its internal Slack communication '
                'system, potentially exposing data linked to over 17,000 '
                'people. The breach occurred after an employee’s computer was '
                'infected with malware, allowing attackers to steal login '
                'credentials and access Slack. Exposed data may include names, '
                'email addresses, and chat histories of employees and business '
                'partners, though no evidence suggests compromise of '
                'journalistic sources or reporting-related information.',
 'impact': {'brand_reputation_impact': 'Potential reputational harm due to '
                                       'exposure of sensitive communication '
                                       'data',
            'data_compromised': ['Names', 'Email addresses', 'Chat histories'],
            'identity_theft_risk': 'Low (no financial or highly sensitive '
                                   'personal data confirmed compromised)',
            'systems_affected': ['Internal Slack communication system']},
 'initial_access_broker': {'entry_point': 'Employee’s malware-infected '
                                          'computer'},
 'investigation_status': 'Ongoing (no attribution or root cause beyond malware '
                         'infection disclosed)',
 'post_incident_analysis': {'corrective_actions': ['Strengthening personal '
                                                   'information management'],
                            'root_causes': ['Malware infection on employee '
                                            'device',
                                            'Credential theft leading to Slack '
                                            'access']},
 'references': [{'date_accessed': '2023-10-17',
                 'source': 'Nikkei official statement (via media reports)'},
                {'date_accessed': '2023-10-17',
                 'source': 'Reuters/Associated Press coverage of the '
                           'incident'}],
 'regulatory_compliance': {'regulatory_notifications': ['Voluntarily reported '
                                                        'to Japan’s data '
                                                        'protection '
                                                        'authorities (despite '
                                                        'no legal '
                                                        'obligation)']},
 'response': {'communication_strategy': ['Public disclosure',
                                         'Voluntary reporting to Japan’s data '
                                         'protection authorities'],
              'incident_response_plan_activated': True,
              'remediation_measures': ['Strengthening personal information '
                                       'management']},
 'title': 'Nikkei Slack Communication System Data Breach',
 'type': 'Data Breach (Unauthorized Access)'}