Japanese publishing giant Nikkei has confirmed a data breach after hackers gained access to its internal Slack platform, potentially exposing the personal information of over 17,000 employees and business partners.
The Tokyo-based media group said the attackers infiltrated its Slack workspace by stealing login credentials from an employeeโs malware-infected computer, granting them unauthorised access to company data.
Nikkei said in its statement. “We take this incident seriously and will further strengthen personal information management to prevent any recurrence. No leakage of information related to sources or reporting activities has been confirmed.
Nikkei said the breach was discovered in September, prompting immediate security measures, including mandatory password resets across all systems.
The company said the attackers may have accessed names, email IDs and chat histories for 17,368 individuals registered on the Slack platform. Although the company uses Slack for “some of its operations,” Nikkei did not reveal which subsidiaries or departments were affected.
Nikkei said that, despite the breachโs scale, the data exposed is not covered by Japanโs Personal Information Protection Law, which only applies to specific types of personal information. Even so, Nikkei voluntarily notified Japanโs Personal Information Protection Commission, citing the โsignificanceโ of the incident and its commitment to transparency.
Andy Ward SVP International at Absolute Security said, โThis incident highlights the growing reality that security is tethered to the users’ endpoints. In this case, the root cause was the compromise of an unmanaged, personal device. When employees use non-enterprise-managed endpoints to access corporate resources, organisations lose visibility and control, creating a blind spot that attackers are quick to exploit.
Any organisation can be a victim of cyberattacks. Enterprise security starts at the endpoint. Every unmanaged or unprotected deviceย connecting to company data expands the attack surface and increases the risk of costly downtime and disruption.
To reduce risk, enterprises must ensure every device that connects to collaboration tools or cloud platforms is both visible and secured. This means enforcing strict access controls, mandating endpoint health checks, and maintaining the ability to monitor and, if necessary, isolate compromised devices inย real time.
In todayโs hybrid work environment, where personal and professional use often overlap, organisations need continuous endpoint control,ย because if you canโt see a device, you canโt secure it.โ
Founded in 1876, Nikkei is one of the worldโs largest and most influential media organisations. Best known for its flagship daily newspaper, The Nikkei, the company has a daily circulation of over 1.7 million and more than 3 million digital subscribers.
Its operations span over 40 affiliated companies across publishing, broadcasting, financial indexing, and events, with 51 domestic and 37 international bureaus employing more than 1,500 journalists worldwide.
The recent Slack breach is not Nikkeiโs first cybersecurity challenge. In May 2022, its Singapore subsidiary suffered a ransomware attack affecting a server that may have contained customer data, while in September 2019, Nikkei America lost $29 million in a business email compromise scheme. Experts say the incident underscores the growing risks for media organisations that rely heavily on cloud-based collaboration platforms.
Leave a Comment