The revelation that the nation’s pension system has been hacked on an unprecedented scale may affect ongoing Diet deliberations on a bill to assign citizens individual numbers to improve social security management.
The Japan Pension Service said during a hastily arranged news conference Monday that its employees opened a virus-infected email attachment last month, leading to 1.25 million cases of personal data being leaked.
The course of events is likely to fuel concerns over the misuse of personal data, as it came just after the Lower House passed a bill last month to introduce the My Number system to assign citizens individual numbers to improve social security management, government sources said.
Under the plan, the government will assign a My Number to each individual starting around next fall and manage their income, social security and tax information in an integrated manner starting next January.
The number will also identify the bank accounts of individuals beginning in 2018.
The My Number bill is expected to clear the Upper House before the current Diet session draws to a close this month. However, the data leak scandal will inevitably require the government to take more steps to assure the public of enhanced data security.
In a government survey conducted in January, 32.6 percent of respondents expressed concern that the My Number system could lead to data leaks and infringements of privacy. Another 32.3 percent feared they could suffer actual financial or other damage through data theft.
In the United States, where a similar numbering system has been introduced, cases of identify fraud are frequent, while South Korea has also experienced massive leaks of personal data held by public authorities.
During a news conference Monday, Cabinet minister Akira Amari, who is involved in designing the My Number system, tried to brush aside concerns, saying the pension and the new numbering systems will be managed by different entities and a firewall will be set up to separate their databases.
To prevent abuse, the bill stipulates setting up a third-party body to probe allegations of data abuse by public offices, with a maximum penalty of four years in prison or a ¥2 million fine set for officials leaking information.
Even so, an official of corporate credit research firm Teikoku Databank said companies in the private sector will be forced to bear a heavier responsibility for handling personal data, as employee codes will be linked to the integrated numbering system.