TOKYO (Reuters) - Mitsubishi Heavy Industries, Japan's biggest weapons maker, kept a cyber attack on its computer network quiet from the defense ministry, potentially putting it in breach of contracts to supply billions of dollars of equipment to the military.
Under the terms of an agreement the government imposes on all contractors, companies are obliged to inform it promptly of any breach of sensitive or classified information. An angry defense ministry on Tuesday demanded the company carry out a full probe.
"It's up to the defense ministry to decide whether or not the information is important. That is not for Mitsubishi Heavy to decide. A report should have been made," a spokesman for the ministry told Reuters. Officials there only learnt of the attack from local press reports Monday.
A second military contractor, IHI Corp, which supplies engine parts for fighter planes, said its employees had been subject to a growing number of suspicious e-mails which it had informed the police about.
A spokesman didn't elaborate on the nature of the mails. The Nikkei business daily had said earlier the company had also been the victim of a cyber attack.
Mitsubishi Heavy, which has built the U.S.-designed F-15 fighter jet and missile systems including Patriot batteries under license, said on Monday that computer systems had been accessed in August and some network information, such as IP addresses, may have been leaked.
Should Mitsubishi's probe reveal the loss of sensitive data, the defense ministry could impose penalties on its main domestic arms supplier, a business that accounts for substantial chunk of Mitsubishi Heavy's revenue.
"The company is still assessing the damage so the impact is still unknown at this point, but because defense is so important to the company's business this is bad news," said Mitsushige Akino, chief fund manager at Ichiyoshi Investment Management Co.
Mitsubishi Heavy won 215 deals worth 260 billion yen ($3.4 billion) from the Defense Ministry in the year to last March, or nearly a quarter of the ministry's spending that year.
Besides surface-to-air Patriot missiles the weapons included and AIM-7 Sparrow air-to-air missiles.
Defense Minister Yasuo Ichikawa said he had so far received no reports of classified information having been looted in the online assault. He did not say what information was at risk.
An investigation by a computer security company revealed connections were made to 14 overseas sites, including at least 20 servers in China, Hong Kong, the United States and India, the Yomiuri newspaper reported earlier, citing unidentified sources.
A Mitsubishi Heavy spokesman declined to comment further on the first known cyber attack on Japan's defense industry, saying it aims to conclude an investigation by the end of September. He added that he was unaware of the details of the company's supply contract with the government.
A Japanese defense white paper released last month urged better protection against cyber attacks after a spate of high-profile online assaults this year that included Lockheed Martin and other U.S. defense contractors.
That call for vigilance came after the United States revealed in July that 24,000 files had been stolen by a foreign intelligence entity from a U.S. defense contractor in March.
Mitsubishi Heavy shares fell 3.7 percent to 317 yen in Tokyo, compared with a 1.6 percent fall in the benchmark Nikkei average.
($1 = 76.405 Japanese Yen)
(Reporting by James Topham, Lisa Twaronite and Kiyoshi Takenaka; writing by Tim Kelly; Editing by Nathan Layne)