The Japan Pension Service, which is reeling from the theft of a massive amount of personal data, has discovered two of its personal computers continued to transmit data outside the organization for three days after it contacted police about a possible security breach, sources close to the matter said Thursday.
A large volume of personal information at the pension service could have been leaked during the three days from May 21 via an external email virus sent by hackers.
The pension body said Monday that it was hacked and the names and identification numbers of about 1.25 million people in Japan’s universal public pension program were leaked.
The pension organization said Thursday a total of 27 of its personal computers were infected with viruses.
A cybersecurity company notified the pension body on May 23 of suspicious data transmissions from two computers in the personnel management division. The body immediately cut Internet access to all computers in the division, the sources said.
It later found more than 10 more computers had made suspicious data transmissions during the same three days.
The organization first discovered the virus infection on May 8 in a computer at its Kyushu branch, and it is thought hackers may have stolen an undisclosed number of employee email addresses before the infected computer was isolated.
The pension service contacted police a day after it received a total of 100 virus-containing emails simultaneously on May 18.