Data breach due to leaked credentials following a computer virus
Information of more than 17,000 employees and business partners of Nikkei Inc. has been compromised following unauthorised access to the company's business chat platform.
Nikkei, one of Japan's largest media organisations, revealed the incident on Tuesday, saying they detected the unauthorised access in September.
"An unauthorised external login occurred on 'Slack,' the business chat platform which is used by Nikkei Inc. for some of its operations," it said in a statement.
"There is suspicion that information regarding employees and business partners may have been leaked."
Potentially leaked information includes the names, email addresses, and chat histories for 17,368 individuals registered on Slack, according to the company.
"Countermeasures such as changing passwords were implemented," it said. "No leakage of information related to sources or reporting activities has been confirmed."
Computer virus leads to breach
Nikkei attributed the unauthorised access to an employee's personal computer that became infected with a virus, which led to the leakage of Slack authentication credentials.
"It is believed that this information was used to gain unauthorised access to employee accounts," it said.
Nikkei said it voluntarily reported the incident to the Personal Information Protection Commission given the incident's significance and to ensure transparency.
"We take this incident seriously and will further strengthen personal information management to prevent any recurrence," it added.
In Japan, the Act on the Protection of Personal Information requires organisations to report data leaks. However, personal information used for reporting and writing purposes is generally exempt from this obligation.
