NEWS

As reported in our company's "Notice and Apology Regarding Unauthorized Server Access (2nd Report)" announced on April 20, 2023, the server managed and operated by our company was illegally accessed by a third party (hereinafter referred to as the "incident"). We would like to once again express our deepest apologies to all parties involved. Now that the investigation by a third-party cybersecurity agency has been completed, we would like to report the outline of this incident as follows. Please also note that our server has been restored and there is no impact on our business at this time.

1. Overview of incident, etc.

At around 6 a.m. on April 12, 2023, a failure was detected in our core system server. Investigation took place as a result, and it was discovered that files on the server were encrypted and infected with ransomware. After taking measures to prevent the spread of damage, such as disconnecting the server from our network, we immediately contacted a third-party cybersecurity organization to investigate. On May 24, 2023, investigation by the third-party cybersecurity agency was completed. It was confirmed that unauthorized access to our network occurred at around midnight on April 8 of the same year. The data on our server was then encrypted by ransomware from around 6 a.m. on April 12, making it unusable. Report from the third-party cybersecurity agency has determined that some of the data held by our company has been sent to an external party. There is a possibility that personal data was compromised because the server where the data was stored contained personal data (total of 27,000 cases). We have reported this matter to the Personal Information Protection Commission and have also reported this incident to the police, and will fully cooperate with future investigations.

2. Apology to all parties concerned and contact information regarding this matter

We sincerely apologize for causing great inconvenience and concern to all parties involved. We will individually contact customers and related parties whose personal data may have been compromised with an apology and an announcement. Furthermore, a dedicated contact point for inquiries regarding this matter has been established. Please contact us using the contact information listed below for questions or concerns regarding this incident. Our company has always taken measures to prevent unauthorized access to our servers and computers and strived to manage information appropriately. To prevent recurrence, we have already prepared various measures and will continue to make improvements as needed.

≪Inquiries regarding this matter≫

OSG Corporation Human Resources & General Affairs Department

Business Hours: 9:00-16:00 (excluding Saturdays, Sundays, and public holidays)

Phone Number: (81)533-82-1130

E-mail: hr_info_system@osg.co.jp