Infiltration allowed threat actors to exfiltrate customer and company details.
Nippon Steel Solutions, the cloud and cybersecurity service-focused subsidiary of the Japanese company, has confirmed having information from its customers, partners, and employees pilfered following a March data breach.
The breach was facilitated by the exploitation of a network equipment zero-day vulnerability, reports Security Affairs. Infiltration of NS Solutions' systems allowed threat actors to exfiltrate customers' names, company names, job titles, affiliations, company addresses, business email addresses, and phone numbers.
Also, partners' names and business email addresses, and employees' names, email addresses, positions, and departments, noted the firm in a data breach notice.
NS Solutions stressed that none of its cloud services have been affected by the incident and that there has been no evidence suggesting misuse of the stolen data. "...[W]ith the advice of external experts, we have taken appropriate measures, such as isolating and reconstructing the devices that were illegally accessed, as well as measures to address remaining risks, such as strengthening exit measures and behaviour detection, and have restored the safety of our company’s internal network," said NS Solutions.
Written by
Dan Raywood is a B2B journalist with 25 years of experience, including covering cybersecurity for the past 17 years. He has extensively covered topics from Advanced Persistent Threats and nation-state hackers to major data breaches and regulatory changes.
He has spoken at events including 44CON, Infosecurity Europe, RANT Forum, BSides Scotland, Steelcon and the National Cyber Security Show, and served as editor of SC Media UK, Infosecurity Magazine and IT Security Guru. He was also an analyst with 451 Research and a product marketing lead at Tenable.
