On May 7, 2025, PR TIMES, a press release distribution service, announced a significant security breach that may have exposed over 900,000 pieces of personal information, along with sensitive pre-release press information. The company confirmed that unauthorized access and cyberattacks had occurred on its servers, specifically noting that the attacks began on April 24, 2025.
According to the company, the unauthorized access was detected on April 25, when suspicious files were identified on the server. This led to an investigation that revealed third-party access to the PR TIMES administrator screen had taken place between April 24 and 25. The company stated, "We have already blocked the unauthorized access route, and inappropriate operations or processes by the attacker have been stopped."
As of now, PR TIMES has not confirmed any misuse of customer information. However, they are advising all users to change their passwords as a precautionary measure. The company expressed deep regret for any concerns this situation may have caused its customers, emphasizing that the security of their information is a top priority.
The potential leak includes personal information from various user categories: 227,023 enterprise users, 28,274 media users, 313,920 individual users, and 331,619 import lists, totaling 901,603 pieces of data. Notably, sensitive information such as bank account numbers and credit card details were not included in the breach.
PR TIMES reported that the unauthorized access was facilitated by an increase in IP addresses allowed during the remote work transition prompted by the COVID-19 pandemic. An unfamiliar IP address was used as the entry point, which had not been documented. The company noted that this IP address was linked to a shared internal account that is rarely used.
Following the detection of the breach, the company took immediate action, stopping the suspicious file and blocking the unauthorized access route. Despite these measures, it was later confirmed that an attack occurred through a process established by the attacker during the night of April 27 to April 28. The company was able to halt this process by April 30.
In their report, PR TIMES acknowledged the existence of a backdoor file, which allowed for unauthorized access to their systems. They also noted that communications via Telegram were detected, indicating a potential handover of access rights to another attacker, which they have since blocked.
On May 7, 2025, PR TIMES filed a report with the police regarding the cyberattack, stating that the delay in informing customers was due to a policy aimed at minimizing the risk of evidence tampering after reporting the incident. The company has also reported the potential data leak to the Personal Information Protection Commission and JIPDEC, the Japan Information Economy Society Promotion Association.
In response to the incident, PR TIMES is implementing strict measures to limit access to the administrator screen, allowing connections only from within the company and through a VPN. They have also completed settings to prevent unauthorized files from being executed at the location where the backdoor file was found. Additionally, the company is reviewing the settings of their Web Application Firewall (WAF) and plans to transition to a new administrator interface by the end of 2025, which will eliminate the use of shared accounts.
The company has reassured its users that it is taking all necessary steps to enhance security and prevent future incidents. They are committed to cooperating with law enforcement and continuing their investigation into the breach. PR TIMES has stated that the impact of this incident on their overall business performance for the fiscal year ending February 2026 is expected to be minimal.
As PR TIMES continues to navigate this challenging situation, they remain focused on strengthening their security measures and ensuring the safety of their users' information. The company has expressed appreciation for the understanding and support of its customers during this time.