This week, Japanese companies have been hit by a series of cyberattacks. From the leak of GitHub credentials to multiple ransomware attacks, a variety of threats are plaguing corporate systems.

These incidents highlight the importance of authentication management for cloud services and the urgent need for ransomware countermeasures. In particular, attacks via subcontractors are increasing, making security measures across the entire supply chain essential.

Money Forward's GitHub credentials leaked: entire repositories copied.

Money Forward, Inc. announced on May 1st that it had experienced unauthorized access to its GitHub repository. The attackers obtained authentication credentials and accessed multiple repositories to copy code. This incident is a classic example of how important it is to manage access to development environments. Money Forward is taking measures to minimize the impact on users, including temporarily suspending its bank account linking function.

Cyberattacks on two Denso overseas locations: Possible data breaches at Italian and Moroccan sites.

On May 1, 2026, Denso, a major automotive parts manufacturer, announced that it had suffered cyberattacks at two of its overseas locations. On March 28, 2026, local time, the company discovered that the networks at its facilities in Italy and Morocco had been compromised by a third party. Both locations have taken measures to prevent further damage and are conducting an investigation into the extent of the impact with the cooperation of external experts.

The investigation has revealed that information concerning external parties and some company-related information may have been stolen. Denso is proceeding with explanations to the affected parties and reporting to the relevant authorities, and as of April 30, 2026, no significant impact on production or shipments has been confirmed. This incident is a typical example of "overseas base attacks," in which overseas bases of globally operating Japanese companies are targeted by cyberattacks, and it raises renewed questions about the need to unify security levels between headquarters and overseas bases.

Cyberattack on Omi Kenshi: Core system downtime causes delays in settlement procedures.

Omi Kenshi Co., Ltd. issued a follow-up report on May 11th regarding the system failure caused by a cyberattack, which was first announced on March 23rd. It has been determined that files were encrypted and that the attack is highly likely to be ransomware. The disruption to core systems has caused delays in financial closing procedures and has had a serious impact on the company's overall operations. This incident highlights that key industries such as manufacturing are significant targets for ransomware attacks.

Ransomware attack on F1: Approximately 170,000 pieces of personal information leaked.

F-One Co., Ltd. announced its final report on April 8 regarding the ransomware attack on the company, which it had initially disclosed on February 4. Approximately 170,000 pieces of personal information may have been leaked. The leaked information includes details of customers who purchased suits, revealing that the retail industry is also a target of ransomware attacks.

Five specific cybersecurity measures that should be implemented on the ground now

Here are five concrete measures that practitioners can immediately implement, based on what we learned from this week's incident.

1. Strengthen access management to the development environment: It is crucial to require multi-factor authentication (MFA) for access to development platforms such as GitHub and GitLab, and to regularly review access permissions. As Money Forward's case shows, the leakage of authentication information can lead to the leakage of the entire development code, so this should be addressed as a top priority.

2. Rebuild your backup strategy: In the event of a ransomware attack, recovery from backups is the only countermeasure. Backups should be physically separated from the production environment, and recovery tests should be performed regularly. In the cases of Medica Publishing and Omi Kenshi, the presence or absence of backups significantly impacted recovery time.

3. Verify the security management system of your subcontractors: Several incidents have been reported to have resulted in damage via subcontractors. Clearly state "security audit rights" in your contracts with subcontractors and conduct audits at least once a year. Raising the security level across the entire supply chain is an urgent necessity.

4. Review your incident response plan monthly: When multiple large-scale incidents occur, like this week, it's necessary to verify whether your company's response plan is effective. In particular, clearly define specific procedures and responsibilities for the three phases: initial response, reporting to management, and customer notification.

5. Strengthen employee security awareness training: Credential leaks and email misdeliveries are often caused by employee negligence. Conduct monthly security training and quarterly phishing drills to raise security awareness throughout the organization.

What we can do for you with PIPELINE

This article explains how PIPELINE Corporation's products can prevent, detect, and respond to the types of threats observed in this week's incidents.

Measures against unauthorized access and authentication information leakage

RiskSensor continuously monitors access patterns to development environments and cloud services, and immediately detects abnormal access. Even if authentication credentials are leaked, it can minimize damage by detecting malicious access patterns.

Ransomware detection and response

ThreatIDR detects ransomware attacks at every stage, from intrusion to encryption, and provides real-time support for response. It detects abnormal file encryption activity and prevents further damage.

Measures to prevent the leakage of personal information

DatalaiQ detects data breaches, including those involving personal information, and identifies the scope of the leaked data. This allows for faster initial response to incidents and optimized timing of customer notifications.

sauce

1. Notice and Apology Regarding Unauthorized Access to GitHub (First Report)

https://corp.moneyforward.com/news/info/20260501-mf-press-1/

2. Unauthorized Access to Group Companies ( Denso Corporation)

https://www.denso.com/jp/ja/news/newsroom/2026/20260430-01/

3. The file is encrypted and is highly likely to be ransomware - System failure due to cyberattack on Omi Kenshi -

https://scan.netsecurity.ne.jp/article/2026/05/11/55231.html

4. Notice and Apology Regarding Ransomware Attack (Second Report)

https://f-one.co.jp/_include/pdf/information20260225.pdf

→ You can watch it here.

✦ Finally

Thank you for reading this far.

We at PIPELINE Corporation are a group of experts specializing in cybersecurity and threat intelligence.

We face threats together with our customers on-site every day.

"Even if we have a specialized team within the company, we lack the resources," "We don't know where to start," and "We want to prepare realistically, assuming we will be attacked."

We receive many inquiries like this. Regardless of the size of the company, the current situation is that weak points in defenses are easily targeted.

Furthermore, trying to handle everything internally inevitably makes it easier for things to be overlooked.

That's why we focus on practical methods that are useful in the field, rather than idealistic theories, and propose a small-scale, easy-to-implement approach. Even "a small step within your capabilities" can make a big difference in safety.

If you have any concerns at all, please feel free to contact us. Let's work together to find the quickest way to strengthen your security.