Mitsubishi Electric Corp. today disclosed a data breach that involved the theft of highly sensitive data, including correspondence and information on government agencies and business partners.

Although the Mitsubishi name may be best known in the West for its cars, Mitsubishi Electric is a separate division of the Mitsubishi Group of Companies that manufactures consumer electronics as well as semiconductors, defense equipment and nuclear reactors.

The hack is said to have taken place in June. Chinese hackers are believed to be behind the data theft. Mitsubishi Electric noted that no highly sensitive information pertaining to its intellectual property had been stolen.

According to a report from the Japan Times, data stolen included email exchanges between the company and the Japanese Defense Ministry and Nuclear Regulation Authority, as well as documents related to projects with firms such as utilities, railways and automakers. Personal data on more than 8,000 people, including current and former employees as well as job applicants, was also stolen.

The Japanese government, including the country’s nuclear regulator, have been informed of the breach.

“Unauthorized access is one of the most frequent cyberattack methods, encompassing 34% of all attacks, which is what happened to Mitsubishi Electric when malicious actors were able to steal 200 MB worth of files from the manufacturing giant’s internal systems,” Ben Goodman, senior vice president of global business and corporate development at digital identity firm ForgeRock Inc., told SiliconANGLE. “While the type of data breached is unclear, knowing that Mitsubishi Electric is a top contractor for Japan’s military and infrastructure, this breach is especially concerning.”

Enterprises and other organizations that regularly handle sensitive and confidential data must leverage “zero trust” security strategies, in which organizations by default don’t trust anyone, even those inside the network, he added. “By employing modern identity and access management tools that can prescribe contextual and continuous security, detect abnormal behavior and validate identity by prompting two-factor authentication or multifactor authentication, organizations can put extra layers between cybercriminals and their sensitive data,” he said.

Photo: Mitsubishi Electric