Mizuno USA, a subsidiary of Mizuno Company, one of many world’s largest sporting items producers, confirmed in knowledge breach notification letters that unknown attackers stole recordsdata from its community between August and October 2024.
Headquartered in Peachtree Corners, Georgia, Mizuno USA manufactures and distributes golf, working, baseball, volleyball, softball, swimming, and tennis tools, attire, and footwear for North America.
In a Thursday submitting with Maine’s lawyer basic, the corporate mentioned it detected suspicious exercise on its community on November 6, 2024. The investigation discovered that unknown attackers breached a few of its techniques and exfiltrated paperwork containing private info belonging to an undisclosed variety of people.
“The investigation determined that certain systems within the network were accessed by an unknown individual and files were copied without authorization periodically between August 21, 2024 and October 29, 2024,” Mizuno says in knowledge breach notification letters despatched to impacted individuals.
“Mizuno then undertook a detailed review of the relevant files to determine what information was present and to whom it relates. This review was completed on December 18, 2024, and Mizuno worked as quickly as possible thereafter to provide this notice to potentially impacted individuals.”
The knowledge contained within the stolen recordsdata varies by impacted particular person, and it could embrace the identify, Social Safety quantity, monetary account info, driver’s license info, and passport quantity.
The corporate now affords one 12 months of free credit score monitoring and id safety providers to these impacted by the information breach and advises them to observe their accounts and credit score stories for indicators of id theft and fraud.
Breach claimed by BianLian ransomware operation
Whereas Mizuno has not supplied extra info on the breach and hasn’t replied to a number of emails despatched by BleepingComputer asking for extra particulars, the BianLian ransomware gang claimed the assault in early November.
In early February 2022, Mizuno USA was additionally hit by a ransomware assault that induced widespread enterprise disruption, together with telephone outages, order delays, and web site points.
The ransomware group mentioned it had stolen a variety of delicate enterprise and buyer knowledge, together with finance and Human Assets knowledge, contracts and confidential agreements, commerce secrets and techniques and patents, mailboxes, and inner and exterior electronic mail correspondence.
Since then, the attackers have up to date Mizuno’s entry on their darkish internet leak web site so as to add the screenshot of a spreadsheet allegedly containing the corporate’s bills following the 2022 ransomware assault and screenshots of different paperwork purportedly stolen from the corporate’s techniques final 12 months.
BianLian has focused non-public firms and demanding infrastructure organizations worldwide since June 2022. Beginning January 2023, when Avast launched a free decryptor for its ransomware, the gang switched to extortion-only assaults.
Most just lately, BianLian has added Air Canada, Northern Minerals, and the Boston Youngsters’s Well being Physicians to its listing of victims.
