Japanese anime and gaming giant admits data leak following ransomware attack


Japanese media giant Kadokawa confirmed that some of its data was leaked in the ransomware attack last month.

In a statement on Saturday, Kadokawa said that the leaked data included business partner information, including contracts and other documents, as well as internal company data such as personal information on all employees of its subsidiary Dwango, which runs the popular Japanese video-sharing site Niconico.

“Kadokawa reiterates its deepest apologies to our customers and all those concerned for the considerable inconvenience and trouble this matter has caused,” the statement said.

The company assured that it doesn’t store credit card information for its customers, including Niconico users, “preventing the leakage of this information.” 

Kadokawa runs various businesses in the film, publishing and gaming industries. For example, it operates a Japanese e-book store called BookWalker, which sells manga, novels and magazines from various publishers. It holds a majority stake in FromSoftware, the developer of the video popular game Elden Ring.

Last week, the BlackSuit ransomware gang published a small sample of the stolen data and threatened to publish the rest if the company didn’t pay a ransom. BlackSuit is said to have gained access to 1.5 TB of the company’s data.

Kadakowa is aware of these claims and said that it is “in the process of confirming their authenticity.”

“In July, we expect to receive accurate information based on the findings of external professional organizations. We shall report this as soon as it is ascertained,” the company added. It did not say if it is planning to pay a ransom.

Kadakowa detected a cyberattack on its services in early June. According to the investigation, the hackers targeted servers located in the data center.

Due to the attack, Niconico — one of the largest video posting sites in Japan — temporarily shut down its live streaming platform and user channels “to minimize the impact” of the incident.

Read more: Japanese video-sharing website Niconico suspends services following cyberattack

Kadokawa said that the incident impacted most of the company’s and its subsidiary’s operations since they were hosted in the same data center.

“Kadokawa is currently considering solutions and workarounds quickly on a company-wide basis in order to normalize its systems and business activities,” the company said in a statement on Friday.

BlackSuit is a rebrand of the Royal ransomware group, whose operators are believed to be from the now-defunct Conti cybercrime gang. BlackSuit is also believed to be behind the cyberattack on CDK Global, a major software provider for the automotive industry.

Get more insights with the

Recorded Future

Intelligence Cloud.

Learn more.

No previous article

No new articles

Daryna Antoniuk

is a reporter for Recorded Future News based in Ukraine. She writes about cybersecurity startups, cyberattacks in Eastern Europe and the state of the cyberwar between Ukraine and Russia. She previously was a tech reporter for Forbes Ukraine. Her work has also been published at Sifted, The Kyiv Independent and The Kyiv Post.


Leave a Reply

Your email address will not be published. Required fields are marked *

Previous Post

Prudential revises breach notice to say 2.5 million affected by February incident

Next Post

TeamViewer: Hackers copied employee directory and encrypted passwords

Related Posts

China-Linked Hackers Suspected in ArcaneDoor Cyberattacks Targeting Network Devices

The recently uncovered cyber espionage campaign targeting perimeter network devices from several vendors, including Cisco, may have been the work of China-linked actors, according to new findings from attack surface management firm Censys. Dubbed ArcaneDoor, the activity is said to have commenced around July 2023, with the first confirmed attack against an unnamed victim
Read More