Japanese sportswear giant Mizuno has confirmed a significant data breach that exposed the sensitive personal information of its customers following a ransomware attack claimed by the BianLian group. The breach, which affected Mizuno USA, was discovered in November 2024, though hackers had infiltrated the company’s network as early as August. The attackers periodically exfiltrated files containing names, Social Security numbers, financial details, and other sensitive data.

Despite filing reports with regulatory bodies in Maine, Mizuno has not disclosed the number of individuals affected.

The company has started offering one year of free identity protection services to impacted customers while facing scrutiny for delayed public disclosure and lack of detailed communication regarding the incident.

Why It Matters: This breach highlights ongoing cybersecurity challenges faced by global corporations, with ransomware groups like BianLian targeting critical infrastructure as well as private companies. The theft of sensitive data puts Mizuno’s customers at risk of identity theft and financial fraud while raising concerns about corporate preparedness against sophisticated cyber threats.

• Timeline of the Breach: Hackers accessed Mizuno USA’s network from August 21 to October 29, 2024. Suspicious activity was detected on November 6, triggering an investigation that confirmed unauthorized data exfiltration.

• Scope of Data Stolen: The compromised information varies but includes names, Social Security numbers, driver’s license information, passport numbers, and financial account details, posing significant risks to affected individuals.

• BianLian’s Involvement: The ransomware gang, believed to have Russian affiliations, claimed responsibility in November. They posted stolen files on their dark web leak site, including financial data, HR records, and confidential company documents.

• Corporate Response: Mizuno has offered one year of free credit monitoring and identity protection services but has been criticized for the lack of transparency, as it did not disclose the total number of affected customers.

• BianLian’s Track Record: Known for shifting from ransomware encryption to extortion-only tactics since 2023, BianLian has targeted a wide range of victims, including healthcare organizations and major corporations like Air Canada.

Go Deeper -> Japanese sportswear company Mizuno confirms data breach after 2024 ransomware claims – The Record

Mizuno USA says hackers stayed in its network for two months – Bleeping Computer