
‘We will continue to provide updates as we make progress,’ the company said in a blog post.
Hitachi Vantara has confirmed experiencing a ransomware incident that disrupted some systems, with servers remaining offline and the support connect feature for partners made inaccessible for now.
The Santa Clara, Calif.-based hybrid cloud infrastructure and data protection products vendor will bring systems back online once its unnamed third-party subject matter experts remediate the incident, Hitachi Vantara said in a blog post that gave a partner support email address for solution providers to use while support connect is down.
“While we will try to provide as much information as we can, please know that our investigation is in its early stages and remains ongoing at this time,” the vendor said in the post. “We will continue to provide updates as we make progress.”
Hitachi Vantara Incident
CRN has reached out to Hitachi Vantara for comment.
Joe Kadlec, vice president and senior partner at Irvine, Calif.-based Hitachi Vantara partner Consiliant Technologies, told CRN in an interview that the solution provider sees no impact from the incident but continues to monitor communications from the vendor.
“This incident hasn’t impacted us at all,” he said.
Hitachi Vantara published the post Monday. The company identified suspicious activity from the incident on Saturday.
The incident disrupted Hitachi Vantara systems and the systems of its manufacturing division, according to the post.
Hitachi Vantara and its experts are investigating “the nature and scope of this incident” as well as “what specific platforms are impacted” and “what information may have been affected.”
“If we determine any sensitive data was affected as a result of this incident, we will provide notification in accordance with our obligations,” according to the company.
Self-hosted customers can still access data as normal. The vendor can still accept support cases manually made and sent by phone or email.
The company can’t monitor storage array environments. Its Remote Ops offer is also inaccessible.
Although it is not immediately clear whether they are related to the recent incident, the U.S. Cybersecurity and Infrastructure Security Agency in March added two Hitachi Vantara Pentaho BA Server vulnerabilities to its Known Exploited Vulnerabilities Catalog based on evidence of active exploitation.
One is an authorization bypass vulnerability and the other is a special element injection vulnerability.
Hitachi Vantara did not disclose that the incident was an Akira ransomware attack, but the incident was identified as such in a BleepingComputer article. The ransomware gang stole files from Hitachi Vantara’s network and dropped ransom notes on compromised systems.
Akira has been observed exploiting a critical-severity vulnerability affecting a wide array of SonicWall firewalls and a vulnerability in VMware ESXi. The malware first emerged in March 2023.
Top 2025 channel goals for Hitachi Vantara include increasing the overall percentage of company revenue that comes through the channel, enabling partners to develop an AI strategy and sell AI solutions, and improving partner profitability, according to CRN’s Channel Chiefs.
In other cyber incident news, Conduent recently disclosed that a threat actor exfiltrated personal data belonging to a “significant number of individuals” connected to the solution provider’s clients in a January cyberattack.