254,000 People Impacted by BlackSuit Ransomware Attack on Japanese Publisher Kadokawa

• The June ransomware attack suffered by the Japanese KADOKAWA Corporation leaked the details of 254,000 people.
• All employees and some business partners and affiliates have had sensitive data exposed in the process.
• The KADOKAWA data stolen by BlackSuit includes names, email addresses, and phone numbers.

The ransomware attack suffered by Japanese publisher KADOKAWA on June 8 leaked sensitive data of 254,241 individuals, including companies, employees, interviewees, and high school students, graduates, guardians, applicants, and information requesters, a recent announcement from subsidiary DWANGO Co., Ltd., said.

Personal information such as names, dates of birth, postal and email addresses, phone numbers, and more were exposed regarding all Kadokawa Dwango Gakuen employees and some business partners, affiliated companies, sister companies, former employees, and people who interviewed for the company.

Some of the students, graduates, guardians, applicants, and information requesters of N Junior High School, N High School, and S High School also had their personal details stolen, such as name, date of birth, postal and email address, phone number, academic background, year of enrollment, homeroom teacher, and school of further study.

These add to the theft of Dwango's private legal documents and several contracts with business partners, past and present affiliated companies, and data on former employee-operated companies. 

The report said customer credit card information is not stored by the Japanese giant, and Niconico user account details were not impacted.

On June 27, the BlackSuit ransomware gang claimed the June 8 KADOKAWA attack that crippled multiple websites of the KADOKAWA Group, targeted the Group’s data center, affecting popular video-sharing platform Niconico and related services as well as manufacturing, distribution, Web services, and merchandise businesses.

The BlackSuit ransomware gang is also believed to be responsible for the recent data breach affecting retail technology and software provider CDK Global, for which they demanded tens of millions of dollars in ransom. The security incident caused significant disruption to nearly 15,000 car dealerships in the U.S.

BlackSuit is a suspected rebrand of the Royal ransomware operation, which may be the successor of the Conti cybercrime group of Russian and Eastern European threat actors. The cybercriminal gang reportedly published hundreds of sensitive police files stolen from the Kansas Police Department after the KCKPD refused to pay ransom.