Mizuno USA, a subsidiary of Mizuno Company, one of many world’s largest sporting items producers, confirmed in information breach notification letters that unknown attackers stole recordsdata from its community between August and October 2024.
Headquartered in Peachtree Corners, Georgia, Mizuno USA manufactures and distributes golf, operating, baseball, volleyball, softball, swimming, and tennis tools, attire, and footwear for North America.
In a Thursday submitting with Maine’s legal professional basic, the corporate stated it detected suspicious exercise on its community on November 6, 2024. The investigation discovered that unknown attackers breached a few of its techniques and exfiltrated paperwork containing private info belonging to an undisclosed variety of people.
“The investigation decided that sure techniques throughout the community had been accessed by an unknown particular person and recordsdata had been copied with out authorization periodically between August 21, 2024 and October 29, 2024,” Mizuno says in information breach notification letters despatched to impacted individuals.
“Mizuno then undertook an in depth evaluation of the related recordsdata to find out what info was current and to whom it relates. This evaluation was accomplished on December 18, 2024, and Mizuno labored as shortly as potential thereafter to supply this discover to doubtlessly impacted people.”
The knowledge contained within the stolen recordsdata varies by impacted particular person, and it might embrace the identify, Social Safety quantity, monetary account info, driver’s license info, and passport quantity.
The corporate now gives one yr of free credit score monitoring and id safety providers to these impacted by the info breach and advises them to observe their accounts and credit score reviews for indicators of id theft and fraud.
Breach claimed by BianLian ransomware operation
Whereas Mizuno has not supplied extra info on the breach and hasn’t replied to a number of emails despatched by BleepingComputer asking for added particulars, the BianLian ransomware gang claimed the assault in early November.
In early February 2022, Mizuno USA was additionally hit by a ransomware assault that brought about widespread enterprise disruption, together with telephone outages, order delays, and web site points.
The ransomware group stated it had stolen a variety of delicate enterprise and buyer information, together with finance and Human Sources information, contracts and confidential agreements, commerce secrets and techniques and patents, mailboxes, and inside and exterior e mail correspondence.
Since then, the attackers have up to date Mizuno’s entry on their darkish net leak web site so as to add the screenshot of a spreadsheet allegedly containing the corporate’s bills following the 2022 ransomware assault and screenshots of different paperwork purportedly stolen from the corporate’s techniques final yr.
BianLian has focused non-public firms and demanding infrastructure organizations worldwide since June 2022. Beginning January 2023, when Avast launched a free decryptor for its ransomware, the gang switched to extortion-only assaults.
Most just lately, BianLian has added Air Canada, Northern Minerals, and the Boston Kids’s Well being Physicians to its checklist of victims.