Fears Raised Over Possible Attack on Japan’s Cybersecurity Center

The Yomiuri Shimbun

15:26 JST, August 5, 2023

The government’s cybersecurity center said Friday that around 5,000 pieces of data, including personal e-mail addresses, may have been leaked due to unauthorized and unprecedented external access between October and mid-June.

As of Friday, there had been no reports of associated mischief — such as the misuse of personal information — the National Center of Incident Readiness and Strategy for Cybersecurity (NISC) said.

NISC, which was established in 2015 based on the Basic Law on Cybersecurity, serves as a control tower that directs defense against cyberattacks on government institutions.

According to NISC, the e-mail addresses of private companies that communicated with the government body may have been leaked during the period in question.

The issue came to light on June 13, when signs of illegal external access were detected in the system that sends and receives e-mails.

NISC subsequently checked the system’s status, briefly suspended operations and replaced the affected equipment, among other measures. Following confirmation of enhanced system-monitoring, NISC restarted operations. The body has reported the issue to the Personal Information Protection Commission, founded under the Law on the Protection of Personal Information.

NISC says the suspected breach was a “zero-day attack” on a part of the system that had no known vulnerabilities. Such attacks exploit imperfections in a system’s security measures and are said to be difficult to detect.

On Friday, the Japan Meteorological Agency, too, said some of its e-mail data may have been leaked. The agency said the leakages may have occurred because it employs the same type of equipment as NISC, adding that it intended to inform people whose data is suspected of having been compromised.