Kadokawa Corporation, a major Japanese publisher, has confirmed a significant data breach affecting 254,241 individuals due to a cyberattack. The Kadokawa data breach, discovered on June 8, was revealed following a thorough investigation by third-party cybersecurity experts.
The cyberattack on Kadokawa, which targeted the Group’s data center, specifically affected DWANGO Co., Ltd., a subsidiary known for its Niconico services.
Details of the Kadokawa Data Breach
Kadokawa’s announcement detailed the extent of the information compromised in the ransomware attack. The affected data in Kadokawa data breach includes:
- Business Partners: Personal information (names, dates of birth, addresses, telephone numbers, email addresses, pseudonyms, bank account details, etc.) of some business partners of DWANGO Co., Ltd., and its affiliates.
- Former Employees: Personal information of former employees of DWANGO Co., Ltd., and its affiliated companies.
- Interviewees: Personal details of individuals interviewed by DWANGO Co., Ltd., and its affiliates.
- Students and Educators: Personal data of current students, graduates, parents, applicants, and document requesters from N Progressive School and N/S High Schools, including information on educational background and student status.
- Employees: Personal information of all employees of DWANGO Co., Ltd., including contract and temporary workers, and some employees of affiliated and sibling companies.
In addition to personal data, the Kadokawa data breach also included company information such as contracts with business partners, internal documents, and information about companies operated by former employees.
Kadokawa has been proactive in addressing the breach. The corporation has reported the incident to Japan’s Personal Information Protection Commission and has set up a dedicated helpdesk to assist affected individuals.
Cause of Kadokawa Data Breach
According to the investigation, the exact method of the cyberattack remains unknown, but it is presumed that the Kadokawa data breach was initiated by stealing employee account information through phishing attacks. This led to unauthorized access to the internal network and subsequent deployment of ransomware, resulting in the data leak.
Despite existing security measures, Kadokawa acknowledges the failure to prevent this incident and commits to implementing further measures to prevent recurrence, with continued support from external security firms.
Kadokawa is currently assessing the impact of this data breach on its business performance for the current fiscal year and will provide updates as necessary. The corporation is also addressing the potential for secondary damage, including the dissemination of leaked information on social media and anonymous bulletin boards.
Measures Against Malicious Dissemination
Kadokawa has identified and reported 896 cases of malicious information dissemination related to DWANGO Co., Ltd., and 67 cases related to the Kadokawa DWANGO Educational Institute across platforms like X (formerly Twitter), 5ch, and various curation sites.
The corporation is actively requesting the deletion of such posts and pursuing information disclosure requests to identify and take legal action against the originators of these malicious acts.