Japan-based Nippon Steel Solutions on Tuesday disclosed a data breach that resulted from the exploitation of a zero-day vulnerability.
Nippon Steel Solutions, also called NS Solutions, offers cloud, cybersecurity and other IT solutions. The company is a subsidiary of Japanese steel giant Nippon Steel, which recently acquired US Steel in a controversial deal.
Nippon Steel Solutions said in a statement posted on its Japanese-language website that it detected suspicious activity on some servers on March 7.
An investigation showed that hackers had exploited a zero-day flaw in unspecified network equipment, and gained access to information on customers, partners and employees.
In the case of customers, the attackers may have stolen information such as name, company name and address, job title, affiliation, business email address, and phone number.
The exposed information in the case of partners includes names and business email addresses, while in the case of employees the attackers may have obtained names, business email addresses, job titles, and affiliation.
Nippon Steel Solutions said the information may have been exfiltrated, but to date it has found no evidence of a data leak on the dark web or elsewhere.
The notorious ransomware group BianLian claimed to have stolen hundreds of gigabytes of data from Nippon Steel USA in mid-February, including files related to finances, employees, and production.
The cybercriminals at the time threatened to leak all of the stolen data, but the group went dark a few weeks later.
Nippon Steel does not appear to have confirmed a data breach in response to BianLian’s claims and it’s unclear if the two incidents are related.
SecurityWeek has reached out to NS Solutions for clarifications and will update this article if the company responds.
Related: Steelmaker Nucor Says Hackers Stole Data in Recent Attack
Related: Qantas Data Breach Impacts Up to 6 Million Customers
Related: Ingram Micro Scrambling to Restore Systems After Ransomware Attack
