Mizuno USA, the American subsidiary of the Japanese sports equipment manufacturer Mizuno Corporation, confirmed a data breach following a cyberattack that occurred in late 2024. The breach was detected after suspicious activity was identified on the company’s network on November 6, 2024. An investigation revealed that hackers had infiltrated the network and periodically exfiltrated sensitive information between August 21, 2024, and October 29, 2024. The data stolen in the attack includes names, Social Security numbers, financial account information, driver’s license details, and passport numbers.
While the exact number of affected individuals has not been disclosed, Mizuno USA informed customers about the breach and offered them a year of free credit monitoring and identity theft protection services. The company also advised customers to monitor their financial accounts closely for any signs of fraud.
The breach is thought to have compromised a significant amount of sensitive personal and financial data, potentially impacting many of Mizuno’s customers.
The BianLian ransomware group is suspected of being behind the attack, and the exfiltrated data is reported to include a wide range of information such as financial data, HR records, contracts, client and vendor information, trade secrets, and internal email correspondence. The hackers also reportedly gained access to confidential agreements and intellectual property. Mizuno USA has acknowledged the severity of the attack and is working to address the security gaps exploited by the attackers.
In response to the breach, Mizuno USA filed a report with the Maine Office of the Attorney General, disclosing the details of the attack and its response actions. The company is focusing on improving its security infrastructure to prevent similar incidents in the future. As part of its mitigation efforts, Mizuno USA continues to offer affected individuals identity protection services and is taking steps to bolster its defenses against cyber threats.
Reference: