1.25 million Japanese pension records leaked following phishing attack
The Japan Pension Service has suffered a data breach, affecting the pension records of some 1.25 million people.
According to the Bangkok Post, “An employee opened an e-mail with a virus, triggering the release of client names, pension account numbers, birth dates and addresses”.
The breach was discovered on May 28 and the identity of the criminal hacker(s) remains unknown.
“These are the people’s vital pensions. I have instructed Health and Welfare Minister (Yasuhisa) Shiozaki to consider the pension recipients and do everything possible,” Japan’s Prime Minister Shinzo Abe told reporters when the breach was made public.
Compromised data included:
The data breach was caused by a successful spear-phishing campaign that targeted staff of the service. A member of staff opened an attachment, ultimately infecting the PC with malware. The infected machine has been removed from the network and it’s not believed that the malware spread.
Thankfully, the PC wasn’t connected to the core computer system, which keeps financial details of the pension system’s members, officials said.
This breach demonstrates just how damaging the insider threat is to organisations. Without regular training on information security awareness, it’s highly likely that an employee will instigate a data breach – intentional or not.
According to the Bangkok Post, “An employee opened an e-mail with a virus, triggering the release of client names, pension account numbers, birth dates and addresses”.
The breach was discovered on May 28 and the identity of the criminal hacker(s) remains unknown.
“These are the people’s vital pensions. I have instructed Health and Welfare Minister (Yasuhisa) Shiozaki to consider the pension recipients and do everything possible,” Japan’s Prime Minister Shinzo Abe told reporters when the breach was made public.
Compromised data included:
- Names and pension numbers of 31,000 individuals;
- Names, pension numbers and birth dates of 1.25 million individuals;
- Names, pension numbers, birth dates and home addresses of another 50,000.
The data breach was caused by a successful spear-phishing campaign that targeted staff of the service. A member of staff opened an attachment, ultimately infecting the PC with malware. The infected machine has been removed from the network and it’s not believed that the malware spread.
Thankfully, the PC wasn’t connected to the core computer system, which keeps financial details of the pension system’s members, officials said.
This breach demonstrates just how damaging the insider threat is to organisations. Without regular training on information security awareness, it’s highly likely that an employee will instigate a data breach – intentional or not.
No comments:
Post a Comment