Japan Pension Service Hack Affects Data of 1.25million People

Japan’s national pension system was hacked due to which personal data of 1.25million people got leaked.

On Monday, the Japan Pension Service announced that the hacking of its National Pension system has affected user data of around 1.25million people.

This scandal exposed the nation’s botched handling of the pension records of its citizens. According to funds’ officials, the hack leaked pension IDs. Names, birth dates and addresses of people by gaining illegal access to personal computers of their workers.

japan-pension-service-hack-affects-data-of-1-25million-people

Reportedly, the data got leaked after agency employees downloaded and opened an infected file in their email.

President of Japan Pension Service Toichiro Mizushima apologized for the information leak and announced that the affected citizens will be provided with new pension IDs.

He stated while addressing a press conference:

“We feel an extremely grave responsibility over this. We will make the utmost efforts not to cause trouble to our customers.”

The computers that got hacked weren’t connected to the fund’s core computer system via the internet. The financial data of the pension system was saved on that computer system. It was identified by Funds officials that no illegal access to that core system was observed. However, the incident is still under investigation. This core system contains highly sensitive data of pensioners such as the amount of premiums paid so far and the amount of benefits that has been paid to every person.

Officials revealed that it was also a probability that the hackers changed the addresses of citizens using the stolen data.

Among the reported 1.25million cases, the pension IDs, names, birth dates and addresses of around 52,000 were stolen whereas in 1.17million just pension IDs were leaked and in 31,000 cases only pension IDs and names were hacked. Officials acknowledged that from the reported 1.25m cases around 500,000 accounts had no user password, which obviously is a violation of the fund’s internal rules.

Infected PCs have been removed from the LAN systems with which they were connected. The pension agency employees are also denied access to the web from their workplace.

We’ve always warned users against phishing emails, opening unknown emails and downloading/clicking the attached files. Again, don’t fall for phishing emails, don’t open such emails and don’t download files from unknown senders.

sourceReuters

Waqas

Waqas Amir is a Milan-based cybersecurity journalist with a passion for covering latest happenings in cyber security and tech world. In addition to being the founder of this website, Waqas is also into gaming, reading and investigative journalism.