Photo/Illutration The building housing the headquarters of Mitsubishi Electric Corp. in Tokyo’s Chiyoda Ward (Asahi Shimbun file photo)

The Defense Ministry reversed its earlier announcement and said that “sensitive” defense-related data may have leaked in the multiple cyberattacks against Mitsubishi Electric Corp.

The ministry made the new announcement after Mitsubishi Electric on Feb. 10 reported the possible breach in information concerning defense equipment.

The company said it recognized the possible leak on Feb. 7 when it was compiling a report on the cyberattacks for submission to the ministry. It apologized for failing to safeguard the information.

On Jan. 20, when the attacks were reported by The Asahi Shimbun, the Defense Ministry said Mitsubishi Electric reported “no leaks of sensitive data.”

Mitsubishi Electric said in a statement released on Jan. 20 that its in-house investigation found “no leaks of sensitive data in the defense, electric and railway industries.” It also said “classified information on technology and vital information about its customers were not compromised.”

The ministry said on Feb. 10 that the possible leak concerns a document that the ministry’s Acquisition, Technology and Logistic Agency lent to the company in October 2018.

The document, which consists of more than 10 pages, contained performance details of a trial model of defense equipment that the ministry sought.

Although the document’s contents are not considered a “secret” directly related to national security, the information was classified as requiring careful handling.

The ministry has three categories for sensitive data based on the degree of confidentiality: “secret,” “internal use only,” and “handle with caution.”

Mitsubishi Electric digitized the document without asking the ministry for permission and kept it in a computer terminal connected to the internet.

When the ministry lent the document to Mitsubishi Electric, it called for careful handling of the data and had the company submit a paper pledging compliance with the ministry’s directive.

The document was provided to several companies when the ministry was soliciting bids for research and production of a trial model for the defense equipment.

A rival of Mitsubishi Electric won the bid for the ministry contract.

The Defense Ministry declined to disclose details about the information that may have been breached in the cyberattacks. It said it is assessing the extent of the damage in terms of national security.

Mitsubishi Electric said it became aware that it was under attack from hackers when its computer network system showed unusual activity on June 28 last year.

Its in-house investigation said multiple Chinese-affiliated hacking groups, including BlackTech and Tick, were involved in the attacks.

(This article was written by Yoshitaka Ito and Ryoko Takahashi.)

Related News