• HOME
  • [Business] KADOKAWA Announces Results of Information Leak Investigation: Personal Data of 254,241 People Confirmed Leaked
Japan Anime News Edit by Taimu Tsuji

[Business] KADOKAWA Announces Results of Information Leak Investigation: Personal Data of 254,241 People Confirmed Leaked

KADOKAWA

KADOKAWA


On the 5th, KADOKAWA released the results of their investigation into the information leak caused by a ransomware attack on their group. They confirmed that personal information of a total of 254,241 individuals was leaked externally.

On June 8, KADOKAWA experienced a server access issue, prompting an immediate internal analysis. It was confirmed that a large-scale cyberattack, including ransomware, targeted services centered around Niconico, affecting dedicated file servers within the group's data center, including those of Dwango Co., Ltd.

Since the incident, the group has been working with a major external security firm to assess the extent of the leak and the information involved. The findings from the current investigation are as follows, based on KADOKAWA's report:


Confirmed External Leak Information:

Personal Information:
Total 254,241 People

External Information:
Personal information related to Dwango Co., Ltd. and some of its affiliates (including creators and sole proprietors) (names, birthdates, addresses, phone numbers, email addresses, activity names, account information, etc.)
Personal information of some individuals who interviewed with Dwango and its affiliates (names, birthdates, addresses, phone numbers, email addresses, selection history, etc.)
Personal information of some students, graduates, parents, applicants, and information requesters of N Middle School, N High School, and S High School (names, birthdates, addresses, phone numbers, email addresses, academic background, admission year, homeroom teachers, future schools, etc.)
Personal information of some former employees of Kadokawa Dwango Gakuen (names, email addresses, account information, employee numbers, affiliated organizations, etc.)

Internal Information:
Personal information of all employees of Dwango Co., Ltd. (including contract employees, temporary staff, part-timers) (names, birthdates, addresses, phone numbers, email addresses, academic background, account information, employee numbers, attendance information, etc.)
Personal information of some employees of Dwango's affiliates and sibling companies (names, birthdates, addresses, phone numbers, email addresses, academic background, account information, employee numbers, attendance information, etc.)
Personal information of some employees of Kadokawa Dwango Gakuen (names, email addresses, account information, employee numbers, affiliated organizations, etc.)

Corporate Information:

External Information:
Contracts with some clients of Dwango Co., Ltd.
Contracts of some past and current affiliates of Dwango
Information about companies operated by some former employees of Dwango

Internal Information:
Internal documents of Dwango Co., Ltd., including legal-related documents
Notice to Affected Individuals:
Those confirmed to have had their information leaked will receive an individual apology and notification. A dedicated inquiry desk has been set up for this issue. For those we cannot contact individually, this announcement serves as the notification.

Cause and Countermeasures:
According to the investigation by an external security firm, although the exact method and route are currently unknown, it is presumed that the root cause was the theft of employee account information via phishing attacks. The stolen account information was then used to infiltrate the internal network, execute ransomware, and leak personal information.

Despite the company's previous emphasis on information security and implemented measures, the incident could not be prevented. Taking this incident seriously, the company will implement further measures advised and inspected by the external security firm to prevent recurrence.

Impact on Business Performance:
The impact of this incident on the company's consolidated performance is currently under review. Any material matters will be disclosed promptly.

Secondary Damage and Risks:
There have been confirmed instances of information being spread on anonymous boards and social media, allegedly by the organization responsible for the cyberattack. KADOKAWA, Dwango, and Kadokawa Dwango Gakuen have strengthened measures against these spreading actions through a cross-company task force.

In collaboration with lawyers, they are actively monitoring and requesting the deletion of malicious posts on social media, anonymous boards, and various aggregate sites. Reports of spam emails are also being addressed in cooperation with the police. The progress as of August 2 is as follows, aiming to minimize secondary damage and protect the privacy and rights of all involved.

Confirmed Malicious Information Spread Instances (As of August 2):
Dwango Co., Ltd.: 896 instances
Breakdown: X (formerly Twitter): 160 / 5ch: 522 / Aggregate sites: 29 / Discord and others: 185
Kadokawa Dwango Gakuen: 67 instances
Breakdown: X (formerly Twitter): 11 / 5ch: 45 / Aggregate sites: 1 / Others: 10
Deletion Requests and Information Disclosure Requests:

Deletion Requests: Requests have been made to social media and anonymous board operators to delete recognized malicious posts. Multiple posts have already been confirmed deleted.
Information Disclosure Requests: Requests for the disclosure of sender information for malicious posts have been made to social media and anonymous board operators, with preparations for strict legal action against identified senders.
Criminal Complaints and Legal Action:
Legal action, including criminal complaints, is being prepared against high-severity information spreaders, including evidence preservation and deleted posts.

Warning Against Information Spread:
Illegally disseminating others' personal information can result in legal penalties and exacerbate the impact of information leaks on individuals' lives and businesses, potentially increasing similar future crimes. Threatening messages towards those involved in the incident have also been observed, indicating a serious risk of further harm. Illegal acts such as spreading false information and defamation are also prohibited. Please refrain from such actions.

We deeply apologize for the considerable concern and inconvenience caused to our customers and all related parties.

KADOKAWA will continue to respond firmly to malicious information spread and other illegal activities, striving to protect the privacy and safety of all involved. We take this incident seriously and will work to identify the cause, strengthen our security systems, and prevent recurrence.


Source : ORICON NEWS

KEYWORD