Mizuno USA, a prominent sporting goods manufacturer’s subsidiary, has disclosed a significant data breach that occurred between August and October 2024. The company, which specializes in manufacturing and distributing various sports equipment and apparel across North America, detected suspicious network activity on November 6, 2024.

The breach investigation revealed unauthorized access to company systems, with attackers exfiltrating sensitive documents containing personal information. The compromised data potentially includes:
– Names
– Social Security numbers
– Financial account details
– Driver’s license information
– Passport numbers

In response, Mizuno USA is offering affected individuals one year of complimentary credit monitoring and identity protection services. The company completed its detailed review of the incident on December 18, 2024, and promptly began notifying impacted individuals.

The BianLian ransomware group has claimed responsibility for the attack, stating they acquired various sensitive business data, including:
– Financial and HR records
– Confidential contracts and agreements
– Trade secrets and patents
– Internal and external email correspondence

This incident follows a previous ransomware attack on Mizuno USA in February 2022, which caused significant business disruptions. BianLian, active since June 2022, has recently targeted other major organizations, including Air Canada, Northern Minerals, and Boston Children’s Health Physicians.