DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

JP: Sports Club NAS and Concrete Manufacturer Ito Yogyo Both Report Ransomware Incidents

Posted on June 20, 2021 by chum1ng0

Two Japanese firms have recently disclosed ransomware incidents.

Sports Club NAS, a Daiwa House Group subsidiary, issued the following statement (machine translated):

Apology and report of unauthorized access to our server.

Membership management operated in some of our stores (9 stores in total) on April 2, 2021 due to unauthorized access to our server (hereinafter referred to as the “Server”) from outside. A system failure (hereinafter referred to as the “System”) has occurred. We deeply apologize for any inconvenience and concern caused to you. We also apologize for the delay in reporting due to the time required to consider system recovery, investigate data leaks, and extract and analyze personal information stored on the server.

According to a survey conducted by a research firm, the ransomware infected with the server this time is not the type that steals information, and as of May 18, 2021, the research firm has asked customers, etc. We have received reports that we have been unable to confirm the fact that the information is posted on an external site.

For the time being, we will continue to investigate whether or not the customer information is disclosed on external sites with the cooperation of an external research company.

To date, no secondary damage has been confirmed due to the use of customer information, but we have established a call center to collect information such as inquiries on this matter. If you have suspicious emails or phone calls, please let us know at the end of the inquiry.

If it is confirmed that customer information, etc. has been leaked by future inquiries, etc., we will report it again.

Inquiries from many people are expected to be concentrated. Depending on the content of frequently asked questions and inquiries, we may respond in writing (including email) or by posting on our website. Thank you for your understanding.

The remainder of their posting provides specific details about the information on the server and why they do not believe that data was exfiltrated. In terms of the number of people impacted, they report the following number of individuals with information on the server

Member information:
150,084 people
(34,920 people including credit card information)
— Name, address, date of birth, gender, telephone number, member number, email address, emergency contact information , Credit card information, account information, one or more of work (name, address, phone number)

Employee information:
460 people
— name, date of birth

For the full statement and details, see their web site.

In other news from Japan, Ito Yogyo Co., Ltd, which manufactures concrete for roads, also issued a statement disclosing a ransomware attack   (machine translation follows):

The facts and recovery status found so far are as follows:

Early in the morning of June 10, 2021, we confirmed that our server had unauthorized access that appeared to be ransomware.

Immediately after that, to prevent the damage from spreading, we stopped the server and personal computers that could have an impact and shut down the network.

On the same day, after the restoration work, the server and personal computer were resumed and confirmed to be safe, and the locked network started communication.

In addition to informing the police and other related ministries and agencies, we are proceeding with the response in cooperation with related organizations.

At this time, we have not confirmed the leakage of information stored on this server or the fact that it has been illegally disclosed.

In the future, if new facts are clarified to be announced, we will inform you again on the home page, etc.

In light of this situation, we will work to further strengthen our information management system to prevent a recurrence.

We sincerely apologize for any inconvenience and concern caused to all parties concerned.

If you have any questions or queries regarding this matter, please contact the following: (Inquiry form https://itoyogyo.co.jp/contact/ )

Neither victim corporation identified the type of ransomware used, and Sports Club NAS specifically noted that they did not receive any ransom demand.

DataBreaches.net did not find data from either firm on any of the usual dedicated leak sites or forums where data tends to be traded or sold.

Related posts:

  • Pysa shuttered its leak site before it ever dumped data from more than half a dozen schools. Here’s what we know so far.
  • The Ransomware Superhero of Normal, Illinois
Category: Business SectorMalwareNon-U.S.

Post navigation

← FL: “Grief” claims to have breached The Woodruff Institute
N.Korean Hackers Target S.Korean Submarine Data →

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • Horizon Healthcare RCM discloses ransomware attack in December
  • Disgruntled IT Worker Jailed for Cyber Attack, Huddersfield
  • Hacker helped kill FBI sources, witnesses in El Chapo case, according to watchdog report
  • Texas Centers for Infectious Disease Associates Notifies Individuals of Data Breach in 2024
  • Battlefords Union Hospitals notifies patients of employee snooping in their records
  • Alert: Scattered Spider has added North American airline and transportation organizations to their target list
  • Northern Light Health patients affected by security incident at Compumedics; 10 healthcare entities affected
  • Privacy commissioner reviewing reported Ontario Health atHome data breach
  • CMS warns Medicare providers of fraud scheme
  • Ex-student charged with wave of cyber attacks on Sydney uni

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • Supreme Court Decision on Age Verification Tramples Free Speech and Undermines Privacy
  • New Jersey Issues Draft Privacy Regulations: The New
  • Hacker helped kill FBI sources, witnesses in El Chapo case, according to watchdog report
  • Germany Wants Apple, Google to Remove DeepSeek From Their App Stores
  • Supreme Court upholds Texas law requiring age verification on porn sites
  • Justices nix Medicaid ‘right’ to choose doctor, defunding Planned Parenthood in South Carolina
  • European Commission publishes its plan to enable more effective law enforcement access to data

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.