Japan Pension System Gets Hacked, Exposes 1.25M Records

Japan’s pension system recently took a hit as a successful hack compromised the records of 1.25 million of its users. According to the announcement made by the Japan Pension Service (JPS), the pension records included personal information comprised of pension IDs, names, addresses and dates of birth.

JPS President Toichiro Mizushima apologized for the incident and assured those who were affected that new pension ID numbers will be released to replace the compromised ones. He said that the breach was duly reported to the Metropolitan Police Department on May 19th. However, Mizushima kept mum about the details of the malware that instigated the theft. He continued by saying that the leak was caused by an email containing a malicious attachment that was accessed and opened by the agency’s employees. This then served as an entry point to the online system of the fund.

Mizushima highlighted that the compromised computer units were not linked directly to the more critical computer system of the JPS.  The funds’ core system, which mostly contained financial details and even more sensitive information like paid premiums and paid benefits per individual, remains untouched by the attackers. As of this writing, fund officials’ first course of action included the removal of the infected units from the JPS LAN system. Currently, employees are denied access to the Internet in their offices.

Reports noted that of the 1.25 million reported cases, 1.17 million include the leak of pension IDs, names, and birth dates. 52,000 cases comprise of stolen pension IDs, names, birth dates, and addresses. Another 31,000 then involve the theft of customer names and pension IDs. JPS also admitted that over 500,000 of the reported cases may not have a set password which is a clear defiance to the institution’s internal rules.  Officials also divulged the possibility of altering the information of similar addresses with the use of the harvested data.

In effect, it is feared that the incident could only heighten public distrust in Japan’s public pension system. The reported breach harks back to 2007 involving similar inferior management measures employed to pension records that led to the defeat of Prime Minister Shinzo Abe’s Liberal Democratic Party in the Upper House election.

In a separate statement, Health and Welfare Minister Yasuhisa Shiozaki apologized for the inability to prevent the incident and agreed with JPS’ Mizushima on the importance of the security of the public’s pensions.

The widely-reported breach exposes pressing matters on cybersecurity and on how cybercriminals are well-versed on tactics devised to infect users and organizations to rake in profit.  Lack of awareness on these techniques could easily put any target in the cross hairs of cybercriminals.  However, incidents such as this could be shielded with proper and intensive employee awareness and training on cybercriminal activities, with the aid of technologies provided by trusted security solutions.

HIDE

Like it? Add this infographic to your site:
1. Click on the box below.   2. Press Ctrl+A to select all.   3. Press Ctrl+C to copy.   4. Paste the code into your page (Ctrl+V).

Image will appear the same size as you see above.