Systems engineer arrested in massive data leak in Japan

At least 7 million names were stolen from the database of education firm Benesse

Tokyo police on Thursday arrested a systems engineer accused of stealing millions of customer names from the computer database of a large education firm to sell them for profit.

Masaomi Matsuzaki, a 39-year-old temporary staffer, was arrested for violation of the unfair competition prevention law, a spokesman for the Metropolitan Police Department said.

Matsuzaki allegedly copied personal data related to at least 7.6 million customers of Benesse, the parent company of Berlitz language schools in Japan.

The information was allegedly copied at the Tokyo office of Synform, a Benesse-affiliated website development company where the engineer had been dispatched by a staffing agency. Matsuzaki may have gained access to the data because of lax access controls, according to local news reports.

The data was saved on a portable recording device such as a USB memory stick, sold to a broker of name lists for millions of yen (tens of thousands of U.S. dollars) and later used for direct mailing, according to Japanese media reports.

The information, which contained names, addresses, birth dates and phone numbers, could include up to 20.7 million items, Benesse said in a statement last week.

It had speculated the information was stolen by an outsider who had authority to access its database.

"The company will put top priority on uncovering the cause of the leak and on preventing any secondary damage to customers due to malicious use of the leaked information," it wrote in the statement, apologizing to customers for the leakage.

The Benesse breach is one of the largest-ever data leaks in Japan, a spokesman for the Consumer Affairs Agency said, recalling a case in which over 8 million items of information were stolen from Dai Nippon Printing, which handles direct mail for corporate clients, in 2007.

Tags securityAccess control and authenticationdata breachBenesse

Comments

Comments are now closed

CSO Corporate Partners
  • f5
  • Webroot
  • Trend Micro
  • NetIQ
rhs_login_lockGet exclusive access to CSO, invitation only events, reports & analysis.
CSO Directory

Cloud Trust Authority

Reduce complexity and increase trust for public cloud service providers and their customers.

Latest Jobs
Security Awareness Tip
Security ABC Guides

Warning: Tips for secure mobile holiday shopping

I’m dating myself, but I remember when holiday shopping involved pouring through ads in the Sunday paper, placing actual phone calls from tethered land lines to research product stock and availability, and actually driving places to pick things up. Now, holiday shoppers can do all of that from a smartphone or tablet in a few seconds, but there are some security pitfalls to be aware of.