A high-tech military contractor, which suffered an attack from hackers earlier this year, is reported to have lost sensitive data related to defence equipment including fighter jet planes and nuclear power plant plans.
The Ashai Shimbun claims that when Mitsubishi Heavy Industries was hit by an attack earlier this year sensitive data and plans were also stolen from the company's network.
The news report claims that sources told it that an investigation had discovered information about fighter jets, helicopters and nuclear power plant design and safety plans, could have been stolen following a malware infection.
According to reports, checks on Mitsubishi Heavy computers have uncovered evidence that information was transmitted via them to parties unknown.
Mitsubishi Heavy Industries, Japan's biggest defense contractor, revealed that it had suffered a malware attack in August which affected network servers and PCs at ten facilities across Japan, including its submarine manufacturing plant in Kobe and the Nagoya Guidance & Propulsion System Works, which makes engine parts for missiles.
The firm was criticised for not reporting the security breach to Japan's Defence Ministry until a month later, when details emerged in the press.
At the time, a Mitsubishi spokesperson said that "there is no possibility of any leakage of defense-related information at this point."
A large question mark remains regarding who was responsible for the targeted attack on Mitsubishi Heavy Industries.
Earlier this year there were a series of cyber attacks against US military contractors, including Lockheed Martin, L-3 Communications and Northrop Grumman, and US Deputy Defense Secretary William Lynn publicly claimed that a foreign intelligence agency was behind a hack attack that stole classified information about a top secret weapons system.
Whoever it was who attacked Mitsubishi Heavy Industries, and whatever their motive, it's clear that all organisations need to take their computer security very seriously.
Cybercriminals, whether state-sponsored or not, are interested in stealing sensitive information which could have more than a financial value. You would be foolish to ignore such a threat. As such, it's essential that you ensure that your organisation has strong defences in place to reduce the risk of attack.
Follow @gcluley
![Have your say - LulzSec: helpful, harmless or hideous? [VOTE NOW]](http://sophosnews.files.wordpress.com/2013/05/lulzsec-poll-thumb.jpg?w=75&h=75&crop=1)
![Password security infomerical leaves Ellen DeGeneres in disbelief.. and it will you too [VIDEO]](http://sophosnews.files.wordpress.com/2013/04/ellen-thumb.jpg?w=75&h=75&crop=1)
![Can multiple moving cursors really hide your password from spyware and peepers? [VIDEO]](http://sophosnews.files.wordpress.com/2013/03/cursors-thumb.jpg?w=75&h=75&crop=1)
![Hacked TV channels broadcast zombie apocalypse emergency alert [VIDEO]](http://sophosnews.files.wordpress.com/2013/02/zombie-thumb.jpg?w=75&h=75&crop=1)
Typo: At the time, a Mitsubishi spokesperson said that that... (there's an extra "that")
Good write up though. I'm currently in college pursuing a career in computer security and I may end up working for a defense contractor someday. I just hope that it's not as stressful as it seems with all the news of these recent attacks.
Thanks. Typo now sorted.
I don't understand why computers with data such as this are connected to the web in the first place. If you have material requiring a level of secrecy on your computer, you computer shouldn't be on the web where it can be compromised. Period.
How can people so smart be so dumb at the same time?
Companies with data this sensitive should have a security admin on at all times watching the logs. No matter how good your security is, there are people who can crack it. It takes both good security measures, and eyes on the logs to prevent problems like this.