Japan’s $1.1 trillion pension system has been breached, leaking millions of personal case details Japanese authorities reported Monday, in an embarrassing report as old scandals arise.
A virus attached to an email sent to a service staffer led to the Japan Pension system being breached, leading to the leak of some 1.25 million cases of personal information, Toichiro Mizushima, the system’s president, told reporters during a news conference. Mizushima assured affected citizens they would receive new pension ID numbers.
“We feel an extremely grave responsibility over this,” Mizushima said while apologized for the country’s breach. “We will make the utmost efforts not to cause trouble to our customers.”
Personal details leaked included names, identification numbers, dates of birth and street addresses.
Japan’s Pension Service is in the midst of setting up an investigation to assess and prevent the possibility of a similar breach in the future, Mizushima added.
“These are the people’s vital pensions. I have instructed Health and Welfare Minister (Yasuhisa) Shiozaki to consider the pension recipients and do everything possible,” Prime Minister Shinzo Abe said during a live NHK publicly televised event, featuring the breach as the top story of the day.
In addition, Shiozaki apologized for failing to prevent the breach and told reporters that he demanded the Japan Pension service set their top priority to protecting the public’s pensions, presumably enhancing cybersecurity budgets and undergoing audits.
The Pension system computer that was hacked was not connected to the fund’s core computer system, which stores sensitive financial details of the pension system’s members, officials reported. Investigators said hackers did no manage to access any files in the core system, which stores a large amount of the company’s most sensitive information, while noting the company is still under investigation.
Of the 1.25 million cases leaked, roughly 52,000 involved the theft of pension IDs, names, dates of birth and street addresses, while some 1.17 million leaked contained just pension IDs, names and dates of birth. The remaining 31,000 personal cases stolen only contained pension IDs and names.
Japanese officials have confirmed the infected PC has been removed and Pension employees will be denied Internet access til the investigation is complete.
Mizushima said the Pension system reported the attacks to the Metropolitan Police Department on May 19th, refusing to elaborate on suspected perpetrators or investigation details.
The breach comes two days after the U.S. pledged to help Japan beef up their cyber defense systems. The security partnership has set goals, including locking down Japan’s military bases and infrastructure from sophisticated cyberattacks.
Meanwhile, the U.S. barely has control of their own cybersecurity, with the IRS breach exposing 100,000 taxpayers information just last week.