The personal information of employees was stolen in a ransomware attack targeting a Philippines subsidiary of Yamaha Motor.
The incident, the Japanese mobility and industrial giant says, occurred on October 25, and only impacted one server managed by Yamaha Motor Philippines, the company’s motorcycle manufacturing and sales subsidiary in the country.
The server, Yamaha Motor says, “was accessed without authorization by a third party and hit by a ransomware attack, and a partial leakage of employees’ personal information stored by the company was confirmed.”
Yamaha says it immediately set up a “countermeasures team”, took steps to prevent further damage, and launched an investigation into the incident. The attack was also reported to the Philippine authorities.
On November 16, the investigation revealed that some personal information stored by Yamaha Motor Philippines was compromised in the attack.
The company says it has restored all Yamaha Motor Philippines servers and systems that were not impacted in the attack. The incident did not affect the headquarters and other companies in the Yamaha Motor group, the motorcycle maker says.
While Yamaha did not name the ransomware group responsible for the attack, the INC Ransom gang has claimed responsibility for the incident.
Active since July 2023, the ransomware group appears opportunistic in nature, targeting organizations in various industries, typically by exploiting vulnerable internet-facing assets.
According to SentinelOne, INC Ransom has been observed exploiting CVE-2023-3519, a critical-severity Citrix NetScaler ADC and Gateway vulnerability that came to light in July, when it was exploited as a zero-day by both financially motivated and state-sponsored threat actors.
Last week, INC Ransom published on its leak site data allegedly stolen from Yamaha Motor Philippines, including identification documents, employee ID cards, and various internal documents.
Over the past month, the ransomware gang has claimed hacking into the systems of a dozen organizations, including WellLife Network, Decatur Independent School District, Guardian Alarm, EFU Life Assurance, and Global Export Marketing.
Related: Yellen Says Ransomware Attack on China’s Biggest Bank Minimally Disrupted Treasury Market Trades
Related: Western Digital Confirms Ransomware Group Stole Customer Information
Related: Windows Zero-Day Exploited in Nokoyawa Ransomware Attacks