Shimano: attackers claim to publish stolen data
Shimano, a cycling components manufacturer, allegedly suffered a data breach and had the company’s data published.
Notorious ransomware gang LockBit claims it has released the data it stole from the Japanese multinational manufacturing company Shimano, best known for its cycling components. Shimano was posted on LockBit’s dark web blog, which the gang uses to showcase its latest victims.
According to the attackers, they’ve stolen a whopping 4.5 terabytes of data, including a trove of sensitive details. The leak allegedly includes personal employee data, financial documents, client databases, non-disclosure contracts (NDAs), lab tests, and other information.
The company reportedly has yet to comment on the supposed attack.
Ransomware operators breach companies to steal their data and disrupt operations by encrypting access to critical systems. Cybercriminals then demand a ransom from victims and promise to provide a decryptor and return the stolen data.
If a business refuses to pay, gangs drip-release the data to muscle them into coughing up, setting an example for others. Even the biggest companies have fallen victim to this tactic – for example, the global aerospace commercial jetliner manufacturer Boeing has been listed as one of the gang’s latest scalps.
Based in Sakai, Japan, Shimano is a globally recognizable brand with yearly revenues exceeding $4.8 billion in 2022. The company employs nearly 13,000 staff.
Meanwhile, the LockBit ransomware gang has been the most notorious cartel over the last few years. The attackers have executed over 1,400 campaigns against victims in the US and around the world, including Asia, Europe, and Africa.