Kurita Europe GmbH (headquarters: Mannheim, Germany, hereinafter “KEG”), a consolidated subsidiary in EMEA of Kurita Water Industries Ltd. (headquarters: Tokyo, Japan), recognized unauthorized access to certain of its servers and that part of data was encrypted.
We deeply apologize to our customers, business partners, and those related to us for any inconvenience or concern this incident may cause.
The latest status known regarding this incident is as follows:
- What Happened: On Sunday, April 12, 2026, at around 20:00, an alert was detected by KEG’s monitoring system. We immediately began investigating the matter, involving an external forensics’ investigation firm. As a result, it was determined that the data on certain of our servers had been unlawfully encrypted, apparently due to the involvement of a third party. To prevent further spread of the damage, we promptly isolated the compromised servers from the network.
- Data that may have been accessed: The affected servers contained data regarding business contact information and others of KEG’s customers, business partners, and other those related to us, and the data may have been accessed.
- Next Step: The affected servers are being restored, and our business operations are continuing as usual, except for some processes under assessment. With the support of our forensics team, we continue to investigate details, including the causes, to resolve the situation. We are taking additional steps to prevent a recurrence and prevent future incidents and ensure safe operations.
- Safeguarding: KEG is assessing this incident in accordance with the EU General Data Protection Regulation (GDPR). KEG, acting as the data controller, has notified the competent lead data protection authority in Germany and, where required, is coordinating and communicating with relevant data protection authorities in jurisdictions in which KEG’s subsidiaries or branches operate, in accordance with applicable data protection laws.
Currently, no action is required by our customers. However, we recommend remaining vigilant and, If you receive any emails (even if it appears to be from a KEG email address) requesting payment of our invoices and the banking information is NOT what you already have for KEG in your files (i.e., the email provides different banking information) we strongly recommend you do not send any funds as that email requests. Rather, please call our accounting department on the phone number you already have for us, not the one in that email. This will hopefully avoid your sending funds to a fraudulent account.
Thank you for your understanding and cooperation.