Japan’s Personal Information Protection Commission (PPC) has announced a record-high number of instances of leak and loss of personal data in fiscal 2024, furthering anxiety about data protection in both the private and public sectors.
An annual report approved by the Cabinet Tuesday outlined that the PPC received 19,056 reports of leak or loss of data from individuals’ private business, marking the highest total noticed since the survey started in 2017.
The annual report was “accompanied by a notable increase in events occurring due to the My Number national ID system.” Compared to the last fiscal year, related to the My Number national ID system, noted an increased leak of 2,052 (“nearly six times greater than the total of 316”).
Perhaps the most well-publicized of these incidents was a data breach at a subsidiary of large telecom company NTT West, when a former temporary employee had leaked the personal information illegally. A vendor of lists was subsequently fined for its purchase of this data.
The rise in data leaks shows that companies need to take data protection more seriously,” said Gaurav Mehta, Co-founder of Concur – Consent Manager
Another case took place in Takamatsu City, Kagawa Prefecture with a convenience store that accidentally issued an official certificate to the wrong person due to a system error concerning the My Number ID system.
The commission also reported a significant data breach caused by a cyberattack on MKSystem Corporation, which provides cloud-based software for managing social insurance and labor systems. This single hacking incident reportedly contributed to a large portion of the My Number-related leaks.
In response to these issues, the commission made one formal recommendation proper under the Personal Information Protection Law, and provided 395 cases of guidance or advice to businesses and institutions to help them improve their understanding of data protection.
The report relays a concern that is growing regarding the infrastructure for cybersecurity in Japan, particularly the handling of sensitive personal data. It is likely that the government will take action to address the issue and mitigate these incidents going forward.
Also Read : Protiviti Report: Major Banks to Invest Over ₹5 Crore for DPDP Compliance Readiness