Get all your news in one place.
100’s of premium titles.
One app.
Start reading
Cycling Weekly
Cycling Weekly
Sport
Adam Becket

Hackers release raft of stolen Shimano data online

Shimano.

The data stolen from Japanese componentry giant Shimano by ransomware hackers has been leaked online.

The hack and theft, which took place in early November, was first reported by Escape Collective, which then revealed the publication of the information, which has also been seen by Cycling Weekly on Friday.

The Japanese bike parts and fishing kit manufacturer was targeted by ransomware group LockBit, who were threatening to release 4.5 terabytes of sensitive data on November 5, 2023, at 18:34:13 UTC. It was then not known whether Shimano were attempting to reach an agreement with the cyber criminals or not; while the notice on the LockBit site suggested that the data had been published, it was not until this week.

The data, according to LockBit, included: employee details, including addresses and passport scans; financial documents, including bank statements and tax reports; "various confidential reports", and minutes; and also NDAs and "various diagrams/drawings marked CONFIDENTIAL".

(Image credit: Getty Images)

The data that was revealed online, in various languages, across multiple folders, included spreadsheets with payroll details for thousands of employees, manufacturing data, and sales projections, alongside more mundane content like  presentations.

It now seems likely that Shimano did not pay up the ransom demand, but the company has not yet expanded on its original statement, which followed reports of the hack. At that time a spokesperson said: "This is an internal matter at Shimano, which is being investigated, however we cannot comment on anything at this time."

In the original ransom note from the LockBit group, they threated: “If you do not pay the ransom, we will attack your company again in the future."

Speaking to Cycling Weekly earlier this month, Dr Harjinder Lallie, a reader in cyber security at the University of Warwick, explained that the leak could result in intellectual property being passed to competitors.

"The company is in a bit of a conundrum," Dr Lallie said. "Sure, they might have backups. So they might think, well, it doesn't matter that you've got our designs, it's not like we won't be able to continue to function, we'll carry on functioning.

"The bit that they would be really nervous about is the passport data getting leaked out obviously. And the designs ending up in the hands of competitors. There's obviously all the financial data too, which could reveal their financial position as well. Whichever way you look at it, this isn't a good place for Shimano to be."

Shimano was contacted for further comment.

Sign up to read this article
Read news from 100’s of titles, curated specifically for you.
Already a member? Sign in here
Related Stories
Top stories on inkl right now
Our Picks
Fourteen days free
Download the app
One app. One membership.
100+ trusted global sources.