Japanese anime and gaming giant admits data leak following ransomware attack
Japanese media giant Kadokawa confirmed that some of its data was leaked in the ransomware attack last month.
In a statement on Saturday, Kadokawa said that the leaked data included business partner information, including contracts and other documents, as well as internal company data such as personal information on all employees of its subsidiary Dwango, which runs the popular Japanese video-sharing site Niconico.
“Kadokawa reiterates its deepest apologies to our customers and all those concerned for the considerable inconvenience and trouble this matter has caused,” the statement said.
The company assured that it doesn’t store credit card information for its customers, including Niconico users, “preventing the leakage of this information.”
Kadokawa runs various businesses in the film, publishing and gaming industries. For example, it operates a Japanese e-book store called BookWalker, which sells manga, novels and magazines from various publishers. It holds a majority stake in FromSoftware, the developer of the video popular game Elden Ring.
Last week, the BlackSuit ransomware gang published a small sample of the stolen data and threatened to publish the rest if the company didn’t pay a ransom. BlackSuit is said to have gained access to 1.5 TB of the company’s data.
🚨 #CyberAttack 🚨
— HackManac (@H4ckManac) June 27, 2024
🇯🇵 #Japan: KADOKAWA Corporation, a Japanese media conglomerate, has been listed as a victim by the Black Suit ransomware group.
The hackers allegedly exfiltrated 1.5 TB of data, including:
- Contracts;
- DocuSigned papers;
- Various legal papers;
-… pic.twitter.com/7c8O7SGTGy
Kadakowa is aware of these claims and said that it is “in the process of confirming their authenticity.”
“In July, we expect to receive accurate information based on the findings of external professional organizations. We shall report this as soon as it is ascertained,” the company added. It did not say if it is planning to pay a ransom.
Kadakowa detected a cyberattack on its services in early June. According to the investigation, the hackers targeted servers located in the data center.
Due to the attack, Niconico — one of the largest video posting sites in Japan — temporarily shut down its live streaming platform and user channels “to minimize the impact” of the incident.
Read more: Japanese video-sharing website Niconico suspends services following cyberattack
Kadokawa said that the incident impacted most of the company's and its subsidiary's operations since they were hosted in the same data center.
“Kadokawa is currently considering solutions and workarounds quickly on a company-wide basis in order to normalize its systems and business activities,” the company said in a statement on Friday.
BlackSuit is a rebrand of the Royal ransomware group, whose operators are believed to be from the now-defunct Conti cybercrime gang. BlackSuit is also believed to be behind the cyberattack on CDK Global, a major software provider for the automotive industry.
Daryna Antoniuk
is a reporter for Recorded Future News based in Ukraine. She writes about cybersecurity startups, cyberattacks in Eastern Europe and the state of the cyberwar between Ukraine and Russia. She previously was a tech reporter for Forbes Ukraine. Her work has also been published at Sifted, The Kyiv Independent and The Kyiv Post.