Stolen Shimano data leaked online
Data stolen from Shimano has been leaked online.
Cycling Weekly reported last week that it has seen material posted on the web after Shimano had been targeted by ransomware group, LockBit which had threatened to release sensitive data unless a ransom was paid.
Cycling Weekly said that the data was released online in various languages across multiple folders showing payroll details of thousands of employees, manufacturing data and sales projections.
It added that it seems likely that Shimano did not pay the ransom demand and has not expanded on its original statement which followed reports of the hack. At the time a spokesperson said: “This is an internal matter at Shimano which is being investigated. However, we cannot comment on anything at this time.”
In the original ransom note from LockBit it is reported that Shimano was warned that if it did not pay the ransom it would attack the company again in the future.
Speaking to Cycling Weekly earlier this month, Dr Harjinder Lallie, a reader in cyber security at the University of Warwick in the UK, explained that the leak could result in intellectual property being passed to competitors.
“The company is in a bit of a conundrum,” Dr Lallie said. “Sure, they might have back-ups. So they might think, well, it doesn’t matter that you’ve got our designs, it’s not like we won’t be able to continue to function, we’ll carry on functioning.
“The bit that they would be really nervous about is the passport data getting leaked out obviously. And the designs ending up in the hands of competitors. There’s all the financial data too, which could reveal their financial position as well. Whichever way you look at it, this isn’t a good place for Shimano to be.”