Customer information apparently stolen from a group company of Benesse Holdings Inc., Japan’s largest provider of correspondence education for children, was taken using the ID of a contractor, company sources said.
Records showed that the information was downloaded by a systems engineer who was working as a temporary employee at a company contracted by the Benesse affiliate to manage its databases, the sources said Saturday.
The data were copied several times, likely to a computer loaned out from Benesse, from the affiliate’s office in Tama, western Tokyo, late last year and are thought to have been passed on to at least one company that deals in name lists, around January.
The case came to light after data that software developer Justsystems Corp. obtained from a name-list trader and used to distribute junk mail in May were found to contain Benesse customer information.
According to a separate Tokyo-based name-list trader, the data were exchanged between several similar entities, suggesting it may have ended up in the hands of more companies than Justsystems.
The Tokyo trader said it was offered data on 8 million children around April and bought it despite its unclear origin because the asking price was only ¥200,000, considerably less than its market value. But the Tokyo trader disposed of the data without selling it on after discovering it might have contained Benesse’s customer information.
Rumors later began to spread among traders about a massive loss of data at Benesse, the trader said.
According to Benesse, personal information on 7.6 million customers is confirmed to have been taken, but the actual number may be as high as 20.7 million.
Tokyo police are investigating the case as a violation of the unfair competition prevention law, which bans unauthorized use or disclosure of trade secrets.
Bulk data pertaining to children have rarely been obtainable since the personal information protection law took effect in 2005. The case involving Benesse’s data is pressuring the government to toughen the law.