By Mayumi Negishi and James Topham
TOKYO (Reuters) - Japan told its biggest weapons supplier, Mitsubishi Heavy Industries, to investigate a cyber attack on its computers on Tuesday, warning it may have breached contracts to supply billions of dollars of equipment by keeping quiet about the online assault.
Under the terms of an agreement the government imposes on all contractors, companies are obliged to inform it promptly of any breach of sensitive or classified information, a defense official said. Defense officials learnt of the August attack from local press reports Monday.
"It's up to the defense ministry to decide whether or not the information is important. That is not for Mitsubishi Heavy to decide. A report should have been made," a spokesman for the ministry told Reuters.
Professor Yoshiyasu Takefuji, a cyber-security expert at Keio University, said this was the first example of defense-related cyber attack in Japan and had to be taken seriously.
"This happened a month ago, and it's just in the last few days they realized how bad it was," he said. "They've been dozing for the past month."
There was no clue as to who was responsible. A Chinese Foreign Ministry spokesman dismissed suggestions the hacking could have originated in China.
"The Chinese government has consistently opposed hacking attack activities. Relevant laws strictly prohibit this," spokesman Hong Lei told reporters.
"China is one of the main victims of hacking ... Criticizing China as being the source of hacking attacks not only is baseless, it is also not beneficial for promoting international cooperation for internet security."
The hacking furor may widen after a second military contractor, IHI Corp, which supplies engine parts for fighter planes, said its employees had been subject to a growing number of suspicious e-mails.
A spokesman didn't elaborate on the nature of the e-mails. The Nikkei business daily had said earlier the company had also been the victim of a cyber attack.
Mitsubishi Heavy, which has built the U.S.-designed F-15 fighter jet and missile systems including Patriot batteries under license, said on Monday that computer systems had been accessed and some network information, such as IP addresses, may have been leaked.
Should Mitsubishi's probe reveal the loss of sensitive data, the defense ministry could impose penalties on its main domestic arms supplier, a business that accounts for a tenth of Mitsubishi Heavy's revenue.
As much of that equipment is built in partnership with U.S. companies including Raytheon Co. and Lockheed Martin Corp., the impact of any punitive action could spread.
Mitsubishi Heavy won 215 deals worth 260 billion yen ($3.4 billion) from the Defense Ministry in the year to last March, or nearly a quarter of the ministry's spending that year.
Besides surface-to-air Patriot missiles the weapons included and AIM-7 Sparrow air-to-air missiles.
Defense Minister Yasuo Ichikawa said he had so far received no reports of classified information being stolen. He did not say what information was at risk.
An investigation by a computer security company revealed connections were made to 14 overseas sites, including at least 20 servers in China, Hong Kong, the United States and India, the Yomiuri newspaper reported earlier, citing unidentified sources.
Overall 83 computers and servers at 11 locations including its head office, factories and R&D center were accessed in the attack, a Mitsubishi spokesman confirmed.
If Mitsubishi's probe reveals the loss of classified data, it would represent the third major breach in security at the company in less than a decade following the loss of nuclear reactor test data in 2006 and the leak of information on its fighter jets in 2003, local media reported
The Mitsubishi spokesman declined to comment further on the August cyber attack, saying it aims to conclude its investigation by the end of September. He declined to discuss the company's supply contract with the government.
A Japanese defense white paper released last month urged better protection against cyber attacks after a spate of high-profile online assaults this year that included Lockheed Martin and other U.S. defense contractors.
That call for vigilance came after the United States revealed in July that 24,000 files had been stolen by a foreign intelligence entity from a U.S. defense contractor in March.
"No country takes this seriously until something bad happens. But if they don't take it seriously this time, there will be another big incident," Keio University's Takefuji said.
Mitsubishi Heavy shares fell 3.7 percent to 317 yen in Tokyo, compared with a 1.6 percent fall in the benchmark Nikkei average.
($1 = 76.405 Japanese Yen)
(Additional reporting by Isabel Reynolds, Lisa Twaronite and Kiyoshi Takenaka in Tokyo and Ben Blanchard in Beijing; Writing by Tim Kelly; Editing by Nathan Layne and Nick Macfie)