Skip to main content
Contact Sales

Contact Sales

*Required

Do you have a general inquiry?

Ask a question

Thank you for contacting our sales team.

Thank you for your interest in Hitachi Vantara. Someone from our sales team will be in touch with you shortly.

Cybersecurity Incident Update

Updated June 11

On April 26, 2025, Hitachi Vantara experienced a ransomware incident that resulted in a disruption to some of our systems. The incident is fully contained. Importantly, we have not detected any new unauthorized activity in our network since April 27, and we continue to see no signs of lateral movement outside of our environment. We have engaged third-party subject matter experts to support our investigation and remediation process. We expect to conclude the investigation in the coming weeks.

We will provide updates on this webpage as appropriate.

1. What happened?

On April 26, 2025, Hitachi Vantara experienced a ransomware incident that resulted in a disruption to our systems, as well as to Hitachi Vantara Manufacturing.

2. When did you learn about this incident?

We identified suspicious activity on April 26, 2025.

3. Is the incident contained?

The incident is fully contained. There has been no detected threat actor activity since April 27, verified through continuous enhanced monitoring by our internal teams. We continue to implement measures to ensure containment and strengthen our security posture to prevent future incidents.

Furthermore, we have no evidence that the threat actor moved laterally from our environment to any external systems.

4. What did Hitachi Vantara do in response?

As soon as we detected suspicious activity, we immediately launched our incident response protocols and engaged third-party subject matter experts to support our investigation and remediation process. They remained offline until we validated it was safe to restore them through a very methodical approach led by Cyber response experts. Additionally, we restricted inbound and outbound traffic to our main data center.

We continue to implement measures to ensure containment and strengthen our security posture to prevent future incidents. 

5. What specific platforms/products/services are impacted by this incident?

We are pleased to report that services are returning online progressively and in alignment with strict security validation protocols. All restored systems have undergone thorough scanning using Cortex XDR and Endpoint Detection and Response (EDR) tools, updated with the latest Indicators of Compromise (IoCs).

Support Connect access has been restored as of May 12, 2025, and customers can resume submitting support cases through the portal. Hitachi Remote Ops (HRO) monitoring and alerting capabilities have been restored as of May 21, 2025, for all Hitachi Vantara products and third-party products Hitachi Vantara supports.

6. When will I receive additional information about this?

Thank you for your continued patience and understanding as our investigation and data analysis progress. We will share our next update as we have pertinent information related to the investigation and restoration.

8. Are normal support channels available?

Support Connect access has been restored as of May 12, 2025, and customers can resume submitting support cases through the portal. Hitachi Remote Ops (HRO) monitoring and alerting capabilities for Hitachi Block, Object, File, Server and Network Products were restored as of May 6, 2025.

9. What about partners?

Partners can open a support case through the portal as usual.

Prev Sustainability in Action: How Green IT is Transforming Data Storage Next See You at the Intersection of AI and ROI, Next Week at Cisco Live 2025