According to reports by Asahi Shimbun, the attack on Mitsubishi Heavy Industries (MHI) led to the loss of sensitive information, after systems in several corporate locations were compromised by Malware this past August.
On August 19, MHI reported that they had discovered Malware on several systems, but remained confident that they had controlled the situation. Yesterday, MHI reported that they “recently confirmed unintended transferring of some information on the company's products and technologies between servers within the company.”
“Based on the finding, the company investigated the incident further and recognized the possibility of some data leakage from the server in question. To date the company has not confirmed any leakage of data to be protected concerning defense and nuclear power. The company is continuously carrying out investigation in other product areas also,” MHI added in their statement.
However, sources told Asahi Shimbun that indeed the additional investigation reveled evidence that information about defense equipment and nuclear power plants were transferred offsite. According to the Japanese news agency, the defense data included information on fighter jets and helicopters, and the nuclear data focused on design, equipment, and safety.
At the time of the breach, MHI investigators discovered 89 compromised hosts in eleven separate locations, including two shipyards overseeing submarine construction, and a facility developing missile guidance systems.