Japan: Benesse data breach affects one third of population
Published 4 February 2015
An investigation by Benesse, Japan's largest provider of correspondent education for children, of a major data breach that took place early in 2014 has concluded that approximately 48.6 million people in Japan (approximately one third of the country's total population), was affected by the breach. This has resulted in nearly 2,000 complaints being reported by the end of January 2015, which a further 1,000 claims expected to filed during February.
The breach was a result of a subcontractor copying customer data from a database it was contracted to manage and maintain. The Japanese Ministry of Economy, Trade, and Industry (METI) has since announced that it will amend and strengthen its guidelines for the implementation of the Personal Information Protection Law.
The case highlights the importance of having appropriate information security procedures in place when outsourcing involves access to any customer data.
What action could be taken to manage risks that may arise from this development?
If your company operates in Japan, it should ensure that, when outsourcing tasks involving customer data, they have a security strategy in place and adequate controls and audit rights are in place. It should also ensure that when operating in Japan it follows any new guidelines issued by METI.