Dear Visitor,

Our system has found that you are using an ad-blocking browser add-on.

We just wanted to let you know that our site content is, of course, available to you absolutely free of charge.

Our ads are the only way we have to be able to bring you the latest high-quality content, which is written by professional journalists, with the help of editors, graphic designers, and our site production and I.T. staff, as well as many other talented people who work around the clock for this site.

So, we ask you to add this site to your Ad Blocker’s "white list" or to simply disable your Ad Blocker while visiting this site.

Continue on this site freely
You are here: Home / Customer Data / Japan Pension System Hack Lessons
Lessons from Japan Pension System Hack
Lessons from Japan Pension System Hack
By Jennifer LeClaire / CRM Daily Like this on Facebook Tweet this Link thison Linkedin Link this on Google Plus
Hackers have hit Japan’s pension system, getting away with over 1.25 million files of personally identifying information. An external e-mail virus was used to breach Japan Pension Service staff computers, according to system’s president Toichiro Mizushima, who apologized for the leak.

John Humphreys, CMO and co-founder of managed security service provider Proficio, told us this attack and the recent IRS data breach make it clear that government systems are increasingly at risk of being targeted by cybercriminals who want to steal and monetize personal identity data. In late May, the IRS revealed that fraudsters had accessed the archived federal tax filings of 100,000 taxpayers.

His best advice: “Agencies collecting and storing personal identifying information should review their security systems and controls to address this threat.”

Philip Lieberman, president of cyberdefense firm Lieberman Software, told us the APAC region -- and Japan in particular -- has been a region that has resisted adopting modern security technologies.

“The breach at Sony is typical of a culture that does not recognize the risks they are taking in world of Internet connected systems,” he said. “As a company we see the APAC region as an especially attractive region for criminals to exploit based on their wealth as well as lack of security.”

Bad Anniversary Breaches

We turned to Igor Baikalov, chief scientist at security analytics firm Securonix, to get a broader view of the security incident. He told us it seems like a round of anniversary breaches.

Heartland on Monday celebrated the seventh anniversary of the worst breach in the history of the connected world that took place back in 2008 -- when 130 million credit and debit cards were compromised -- by announcing a new incident that involves payroll information.

On top of that, Japan Pension Service celebrated the eighth anniversary of the pension-records scandal that cost Primer Minister Abe an election in 2007 by announcing this recent computer breach that exposed some 1.25 million files containing personal information.

What We Can Learn

What can we learn from these repeat incidents? Baikalov said past failures didn’t seem to improve future security in either organization.

“Download of infected e-mail, execution of the malicious attachment, account compromise, remote access, and subsequent data exfiltration are the most likely steps in the pension system hack that were either not detected or not connected together into the kill chain of the attack,” Baikalov said.

“Apparently, both antivirus control and data loss prevention failed in this scenario, and there were no user behavior analytics or anomaly detection engine employed that could detect account misuse and suspicious data movement,” he added. “As in the Heartland scenario, sensitive data was not encrypted and can inflict substantial damage if used for identity theft or financial fraud.”

Image credit: iStock/Artist's Concept.

Tell Us What You Think


Posted: 2015-06-06 @ 11:12am PT
People rely on unsafe software made by Intuit. If the IRS really has been hacked, it is due to lack of security in Intuit software. The talk that Russia or China may have carried out the process of hacking it is all false story. After bribing investigators in the case of Intuit tax fraud and then fabricating the story to cover up the security leaks in Inuit's products and the truth about that the IRS hacked from inside Intuit by well known employees.

Intuit Tax Fraud story started after I had reported the security leaks in QuickBooks. After that, what happened is a considerable disagreement between the Ex-employee -- so-called the whistleblower -- and between managers.
Why? Because the Ex-employee and some IT security Engineers Concealed my report about six months.

This video is the real reason behind Intuit Tax Fraud story.

The Cyber Security Place:
Posted: 2015-06-03 @ 1:18am PT
Nice Informative Article. Thanks.

Like Us on FacebookFollow Us on Twitter
© Copyright 2018 NewsFactor Network. All rights reserved. Member of Accuserve Ad Network.