Media giant Nikkei reports data breach impacting 17,000 people

Image: Nikkei/Masayuki Kozono

Japanese publishing giant Nikkei announced earlier today that its Slack messaging platform had been compromised, exposing the personal information of over 17,000 employees and business partners.

Nikkei is one of the largest media corporations worldwide, owns the Financial Times and The Nikkei, the world's largest financial newspaper. It has approximately 3.7 million digital paid subscriptions, as well as over 40 affiliated companies involved in publishing, broadcasting, events, database services, and the index business.

The media giant, which acquired the Financial Times in 2015, currently has 37 foreign editorial bureaus and over 1,500 journalists worldwide.

In a Tuesday statement, Nikkei stated that attackers gained access to employee Slack accounts by using authentication credentials stolen after an employee's computer was infected with malware.

Nikkei discovered the security breach in September, which prompted immediate security measures, including mandatory password changes.

"Potentially leaked information includes the names, email addresses, and chat histories for 17,368 individuals registered on Slack," the company said.

Despite the scale of the incident, Nikkei said the stolen information doesn't fall under Japan's Personal Information Protection Law, which mandates reporting for certain data breaches. However, it voluntarily notified the country's Personal Information Protection Commission, citing its commitment to transparency and the incident's "significance."

The publisher added that no information related to confidential sources or reporting activities was compromised during the incident, adding that personal data collected for journalistic purposes remains secure.

"No leakage of information related to sources or reporting activities has been confirmed. We take this incident seriously and will further strengthen personal information management to prevent any recurrence," Nikkei said.

In May 2022, Nikkei's subsidiary in Singapore was hit by a ransomware attack, which impacted a server that "likely contained customer data."

Three years earlier, in late September 2019, Nikkei lost approximately $29 million in a business email compromise (BEC) attack after a Nikkei America employee was tricked by scammers posing as a Nikkei executive into sending the funds to a bank account they controlled.