Yamaha Motor confirms ransomware attack on Philippines subsidiary

Yamaha Motor’s Philippines motorcycle manufacturing subsidiary was hit by a ransomware attack last month, resulting in the theft and leak of some employees’ personal information.

The motorcycle manufacturer has been investigating the incident with the help of external security experts hired after the breach was first detected on October 25.

« One of the servers managed by [..] motorcycle manufacturing and sales subsidiary in the Philippines, Yamaha Motor Philippines, Inc. (YMPH), was accessed without authorization by a third party and hit by a ransomware attack, and a partial leakage of employees’ personal information stored by the company was confirmed, » Yamaha said.

« YMPH and the IT Center at Yamaha Motor headquarters established a countermeasures team and have been working to prevent further damage while investigating the scope of the impact, etc., and working on a recovery together with input from an external internet security company. »

Yamaha said the threat actors breached a single server at Yamaha Motor Philippines and that their attack didn’t impact the headquarters or any other subsidiaries within the Yamaha Motor group.

The company also reported the incident to relevant Philippine authorities and is currently working on assessing the full extent of the attack’s impact.

A Yamaha Motor spokesperson was not immediately available for comment when contacted by BleepingComputer earlier today.

Breach claimed by INC Ransom gang

While the company has yet to attribute the attack to a specific operation, the INC Ransom gang has claimed the attack and leaked what they claim is data stolen from Yamaha Motor Philippines’ network.

The threat actors added the company to its dark web leak site on Wednesday, November 15, and has since published multiple file archives with roughly 37GB of allegedly stolen data containing employee ID info, backup files, and corporate and sales information, among others.

Source