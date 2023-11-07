Shimano is the latest high-profile victim of ransomware specialists LockBit, with 4.5 TB of sensitive data reported to have been stolen. Cyber Daily
reports that the stolen data is said to pertain to both Shimano customers and employees.
LockBit, previously known as ".abcd" after the file extension it adds to encrypted files, is a major cybersecurity threat that is known to have hit major companies such as Royal Mail, Boeing and Continental
in recent years. Another major brand hit recently by a similar cybersecurity threat includes Canyon Bicycles
. The ransomware works by encrypting valuable data such that the company is no longer able to access it. Furthermore, LockBit also threatens to post a victim's data on the dark web unless a ransom payment (often in the form of cryptocurrency) is made within a few days.
In the case of the Shimano data breach, the company was allegedly given a deadline of November 5th 2023. Details of the ransom amount are unknown, and we have been unable to verify that deadline, or learn of whether or not Shimano gave in to any demands.
In Japan, while it is not illegal to pay the ransom
in the case of a cybersecurity threat, the laws does state that, "if a director of a company negligently pays a ransom and therefore causes unjustifiable losses to the company, such payment can be considered as a breach of duty of care owed to the company". It also reads, "in any case of data breach, handling operators are also required to notify the data subjects whose personal data is compromised".
We have reached out to Shimano for comment, and will provide an update here as more information comes to light.
