On September 20, 2024, Ishimitsu Shoji Co., Ltd. reported a ransomware attack that affected some of its servers and those of its domestic subsidiaries, including Tokyo Allied Coffee Roasters, Kansai Allied Coffee Roasters, and US Foods. The company discovered the attack on September 18, 2024, when it found files on various servers encrypted and inaccessible due to unauthorized external access. In response, Ishimitsu Shoji isolated the impacted systems and began working with external experts to investigate the full extent of the damage and to restore operations.
The attack was traced to unauthorized access through a SIM-enabled laptop via remote desktop, which allowed attackers to compromise multiple servers. Although some data was exfiltrated, Ishimitsu Shoji confirmed that personal information was not part of the exposed data. However, the attack led to significant data loss, including the encryption of personal data that had no backups. This data loss affected both internal and external records, with irretrievable employee and job applicant information being compromised.
The company reported that 21 internal personal records of employees and their dependents were encrypted, along with 28 resumes submitted for job applications. Additionally, US Foods, a subsidiary of Ishimitsu Shoji, reported that the attack had compromised 13 internal records and up to 100 bank account details intended for refunds, as well as 11 resumes. Although personal data wasn’t fully exposed, the loss of certain information and its inability to be recovered is a major concern for the company.
As of November 1, 2024, Ishimitsu Shoji continues to work on restoring operations and mitigating the financial impact of the attack, which is still under review. The company has assured stakeholders that it is fully cooperating with authorities and external experts to resolve the issue. The incident highlights the risks associated with remote desktop access and the vulnerabilities that companies face when critical data is not backed up properly.
Reference:
