Benesse says data leak includes non-customers

JIJI, Kyodo

Information leaked from Benesse Corp. includes personal data on people who never had a contract with the company, its parent company said Tuesday.

According to Benesse Holdings Inc., the data not only dealt with customers of the subsidiary’s mainstay education services, but also information related to the firm’s lifestyle business services collected at its events and other occasions.

The leaked data was stored in a smartphone used by a system engineer arrested last week for allegedly copying trade secrets from the company, Chikara Matsumoto, chief risk management officer of Benesse Holdings, said at a news conference.

So far, it is known that personal information on some 23 million people leaked from the subsidiary.

Benesse Corp. said Monday that data on some 22.6 million people was found on the systems engineer’s smartphone. In addition, information on some 400,000 people was leaked through unconfirmed channels.

The police investigation isn’t complete, which means further data leaks could come to light.

Initially, Benesse Holdings said that information on up to some 20.7 million customers might have been compromised based on lists obtained from name-list brokers.

The corporate group then found that user information was compromised at the Benesse LifeSmile Shop, an online shopping site for pregnant women and mothers, and Benesse Women’s Park, a social networking site for women.

The newly found data include the estimated due dates of some 200,000 babies.

Tokyo police arrested Masaomi Matsuzaki, 39, last Thursday on suspicion of downloading and copying the personal data of Benesse customers onto his smartphone from the Tokyo branch of affiliate Synform Co.

Authorities seized the smartphone and a memory card from Matsuzaki and matched data on the phone and storage device with Benesse customer information.

Matsuzaki admitted selling the data to name-list traders and gambled away the money, according to the police.

Also Tuesday, Benesse Holdings convened a panel of experts to begin investigating the steps leading up to the theft and draft measures to prevent future data leaks. The panel, headed by lawyer Hideaki Kobayashi, will also investigate the responsibilities of the firm’s compliance officers, the company said.