Kadokawa Faces 1.5TB Data Breach Following BlackSuit Ransomware Attack

With Niconico restored and Kadokawa beginning to regain stability following the security incident, I would like to take this opportunity to document the events as a memo.

In June 2024, Kadokawa Corporation, a major Japanese media conglomerate, was hit by a large-scale ransomware attack, believed to be carried out by the BlackSuit ransomware group. This cyberattack severely impacted Kadokawa's operations, particularly affecting its video-sharing platform, Niconico, which was forced to suspend services. The hackers reportedly gained access to 1.5 terabytes of sensitive data, including business contracts, internal documents, and personal information of employees from subsidiaries like Dwango, which operates Niconico.

BlackSuit threatened to release the stolen data unless a ransom was paid, and as of July 2024, they had already published samples of the data on the dark web. Kadokawa confirmed the breach and acknowledged that internal and business-related information had been leaked. However, the company reassured customers that no credit card information had been compromised, as they do not store such data.

Kadokawa has been working with law enforcement and external cybersecurity experts to investigate the breach, strengthen security protocols, and restore affected systems. Despite their efforts, services remain disrupted, and the company is still evaluating the full scope of the leak and its potential consequences.

This incident underscores the growing threat of ransomware attacks, particularly on large organizations like Kadokawa, which rely heavily on digital infrastructure for their operations​