TOKYO — Mitsubishi Electric Corp. said Monday that personal information of over 8,000 job applicants, employees and retirees, and data regarding government agencies and other business partners may have been compromised in a massive cyberattack.
A key player in Japan’s defense and infrastructure industries, the electronics giant said that among the potentially leaked information are email exchanges with the Defense Ministry and the Nuclear Regulation Authority as well as documents related to projects with private firms, including utilities, railway operators, communications and automakers.
It said, however, that no highly sensitive information pertaining to infrastructure operations or important information regarding clients had been breached. “We have not confirmed any damage or impact,” the company said.
The attack came as Mitsubishi Electric has been strengthening its cybersecurity business, offering services on protection at data centers, office buildings and public facilities since July last year.
It said data related to 1,987 job applicants — new graduates seeking entry between October 2017 and April 2020 as well as experienced people seeking to be hired between 2011 and 2016 — are feared to have leaked.
The company also said results of a 2012 survey on human resources matters on 4,566 employees and data related to 1,569 retirees who received severance money between 2007 and 2019, may have been compromised.
In addition, documents containing sales and technology information may have been breached, it said.
Mitsubishi Electric last June spotted irregular activity on devices located in Japan, and conducted an internal investigation, which found unauthorized access to the management section at its head office building and elsewhere.
A Chinese cybercrime group is suspected of carrying out the unauthorized access to personal computers and servers, a source close to the matter said.
Chief Cabinet Secretary Yoshihide Suga said the government has been notified of the matter. “They have confirmed there is no leak of sensitive information regarding defense equipment and electricity,” Suga said.
Mitsubishi Electric released a statement saying, “We deeply apologize for causing great worry and inconvenience.”
It started Monday to notify and apologize to individuals whose information may have been breached, the company said, adding it will continue to bolster its information security and monitoring measures.
Mitsubishi Electric has been a major manufacturer in the defense field, and had the third-largest contract for major defense equipment at the Defense Ministry in fiscal 2018.