The U.S. subsidiary of a Japanese water treatment company said ransomware actors have stolen data from systems and encrypted some servers. 

Kurita Water Industries said the incident began on November 29 and affected Kurita America, a subsidiary headquartered in Minnesota. Ransomware infections were found in multiple servers which were subsequently disconnected from the rest of the network. 

“As a result of this unauthorized access, some of the data stored on KAI’s server belonging to customers, business partners and employees may have been leaked to third parties,” the company said in a statement on Saturday. 

“At present, the main servers have already been restored, and business operations have not been disrupted.”

The company is continuing its investigation into the incident. 

Founded in 1949, Kurita creates chemicals used to treat water and wastewater. The company has grown to become one of the biggest manufacturers of the products, with 2024 earnings of about $2.4 billion. While most sales are in Japan and across Asia, about 17% of sales are in North and South America.  

Another Japanese corporation named Ito En also confirmed on Friday that its U.S. subsidiary was hit with ransomware. The company is the largest producer of green tea in Japan and has subsidiaries in the U.S., Australia, China and Indonesia.

The company said a ransomware gang attacked Ito En North America on December 2, encrypting servers in Texas and stealing company data. 

“The damage this time affected some file servers that are separate from the core system. The file servers have been isolated from the network and are currently being restored using backup data from before the attack,” the company said. 

“As a result, all systems, including ITO EN North America, are operating normally. The information leak is currently under investigation.”

Japanese companies have faced a barrage of ransomware attacks in 2024, with major names like Fujitsu, Casio, Hoya, Kadokawa and Pokémon-developer Game Freak all dealing with debilitating incidents. 

Electric motor manufacturer Nidec said in October that it is being extorted by a group that attacked the company’s operations in Vietnam. Multiple ransomware gangs have taken credit for the attack.

Several other Japanese companies — including Yorozu and Monohakobi — have announced ransomware attacks in recent months.