The Japanese defence ministry said late on Monday that sensitive data on defence equipment may have been breached as a result of cyberattacks on Mitsubishi Electric Corp, a major supplier of the country’s defence and infrastructure systems. The company has told the ministry that potentially stolen data included requirements for defence equipment that the ministry specified for contract bidders in October 2018, the ministry said in a statement.
The ministry said it was still in the process of investigating the security impact of the potential leak. Mitsubishi Electric did not win the contract in the auction. Mitsubishi Electric initially denied the possibility of a breach of sensitive defence and infrastructure data when it first reported on the 200-megabyte cyberattacks by a third party on Jan. 20. But subsequent checks at the company revealed that the defence ministry’s information that required special care was included in data potentially stolen by the attacks, Mitsubishi Electric said in a separate statement on Monday.
The company has said it first discovered the cyberattacks in June last year, more than half a year before it disclosed them to the public. The move follows a worrying trend in the cyber world, where targeted attacks are being held on companies that are contracted in increasingly important national projects. The increasing frequency of the attacks have often prompted many activists, regulators and legislators to call for establishing laws, practices and governance on how such data must be dealt with.
However, it has been increasingly difficult to deal with such issues, since the nature of cyber attacks have been constantly evolving. Going forward, it remains to be seen how nations deal with the prospect of such attacks, and how new laws are framed taking such variable factors into account.
(With inputs from Reuters)