Japanese information and communications technology company NTT says it is possible a further 271 customers have been affected by information leaks.
Along with announcing a month ago hackers may have stolen data from 621 clients, the group began an internal investigation into unauthorised access to the construction information management server in Japan. The company uses the server to manage its Biz Hosting Enterprise and Enterprise Cloud option services as well as internal operations.
The probe found service-related construction information on another 83 clients may have been leaked from the server. NTT is contacting those customers.
“There has been no effect on service availability or the quality of cloud services, including services provided outside of Japan. Information on consumer customers was not affected,” the company added.
Concerning unauthorised remote operation of the company’s internal servers, NTT said the forensic investigation and analysis of internal file servers’ access history has revealed 188 customers may have been affected. The company is contacting them.
“No clients outside of Japan were affected. Information on consumer customers was not affected,” it added.
In response to the incidents, NTT said it is:
- introducing measures to quickly recover any server in the event of a spoofing attack;
- working to prevent any recurrence by introducing endpoint detection and response technology to strengthen and accelerate security based on a zero-trust policy;
- reviewing the structure of information management in internal file servers;
- strengthening the role of the company’s independent ‘Red Team’ which executes pseudo attacks to evaluate and propose security measures; and
- implementing threat-led penetration testing for internal IT and operational technologies.
Join our free-to-attend digital event, Last Thursday in Privacy, addressing data protection, privacy and security challenges including working from home, COVID-19, global regulations and more. Visit https://digital.privsec.info/.
We have been awarded the number 1 GDPR Blog in 2019 by Feedspot.