National / Crime & Legal

12.6 million cases of personal information leaked in Japan in 2016, survey shows

Kyodo

Some 12.6 million cases involving the leak of personal information were confirmed or suspected in the nation last year due to cyberattacks against companies and other entities, a Kyodo News survey showed Monday, affecting roughly 1 in 10 people.

The figure marked a sixfold increase from the 2.07 million cases in 2015, with a massive personal data leak incident involving Japanese travel agency JTB Corp. owing much to the rise. The tally also showed that credit card information was often targeted.

The tally is based on incidents that were made public last year. But an information security expert said there may be a lot more.

“The (latest) figure may just be the tip of the iceberg,” said Harumichi Yuasa, a professor at the Institute of Information Security, while calling for thorough information management by companies and administrative bodies.

He said some organizations may not notice that their computer systems were hacked and others may refrain from announcing a data leak even if they discover the attacks due to a fear of losing customer confidence.

According to the survey, 65 private companies and related entities reported they were targets of cyberattacks, while 17 were administrative bodies and 11 were schools.

The largest data leak incident was that of JTB, which said last June that personal information on some 6.79 million people, such as customer names and passport numbers, may have been leaked.

The second- and third-largest incidents involved IT firm Piped Bits Co. and radio station company J-Wave Inc., with information being leaked on 980,000 and 640,000 customers, respectively.

Cosmetics-maker Shiseido Co. also announced in December that personal information on about 420,000 customers was accessed, which included credit card information on up to about 66,000 people.

According to the Japan Consumer Credit Association, the total amount in damages stemming from unauthorized use of credit cards reached ¥10.6 billion between January and September last year, up 25.2 percent from the same period a year earlier.

The association attributed the rise to the increase in cyberattacks. Stolen credit card information is known to be traded illegally online and used to purchase items through mail order. Money can be raised by selling the items.

In some hacking cases announced last year, the details remained largely unknown.

In a case involving Keidanren, it admitted that some information may have leaked, but an official of the business lobby said it was not clear “what kind of information leaked and to what extent.”

Of the 93 entities attacked last year, the largest group, 43, said hackers targeted the vulnerable points of their security systems, while 22 had their passwords scanned and 19 were sent computer viruses via emails.

The remaining nine did not know, or did not disclose, how they were attacked.