Panasonic says Canadian operations hit by ‘targeted’ cyberattack

Japanese tech giant Panasonic has confirmed its Canadian operations were hit by a cyberattack, less than six months after the company last fell victim to hackers.

In a statement provided to TechCrunch, Panasonic said that it was a victim of a “targeted cybersecurity attack” in February that affected some of its systems, processes and networks.

“We took immediate action to address the issue with assistance from cybersecurity experts and our service providers,” said Panasonic spokesperson Airi Minobe. “This included identifying the scope of impact, containing the malware, cleaning and restoring servers, rebuilding applications and communicating rapidly with affected customers and relevant authorities.”

According to VX-Underground, a malware research group that collects malware samples and data, the Conti ransomware-as-a-service (RaaS) group has claimed responsibility for the attack. (RaaS groups typically rent out their ransomware infrastructure to others in return for a percentage of any ransom proceeds.) The gang, which has previously targeted Fat Face, Shutterfly and Ireland’s healthcare service, claims to have stolen over 2.8 gigabytes of data from Panasonic Canada. TechCrunch has seen Conti’s leak page, which purports to be sharing internal files, spreadsheets and what appears to be documents belonging to Panasonic’s HR and accounting departments.

When asked by TechCrunch, Panasonic did not dispute that the incident was the result of a ransomware attack. The company declined to say what data was accessed, nor how many people were impacted by the breach, but said that the incident only affected its Canadian operations.

“Since confirming this attack, we have worked diligently to restore operations and understand the impact to customers, employees and other stakeholders,” Minobe added. “Our top priority is continuing to work closely with affected parties to fully mitigate any impacts from this incident.”

It’s unclear whether the group — which in February had its own internal chats leaked after declaring its support for Russia’s invasion of Ukraine — made a ransom demand.

Panasonic is no stranger to cyberattacks. In November last year, the company admitted that its network was “illegally accessed by a third party” and that “some data on a file server had been accessed during the intrusion.” Two months later, Panasonic revealed that hackers had accessed personal information belonging to job candidates and interns.

Panasonic’s India operations were hit by ransomware in December 2020, which led to hackers leaking four gigabytes of data, including financial information and email addresses.