- API Penetration Testing

Top 14 Cybersecurity Breaches in Japan

Learn about the state of cybersecurity in the Japan and the 14 biggest breaches in this country.
A recent cybercrime research study of 60 countries reveals that Japan is standing in the top five most cyber-secure countries across the world. However, with the increase of mobile and computer ransomware attacks, its leading position has dropped by 4 positions, compromising Denmark, Sweden, Ireland, and Norway. Moreover, in 2021 the number of cleared cyber crime cases in Japan has increased by 23,6%, with a historic high of 12,209 cases, according to Statista.

That is why Japan started taking many different steps to improve its security and resistance to ransomware attacks. This strategy has been announced at the country level by Japan's Communication Ministry, which tabled a set of guidelines to mitigate risks and incidence response to cyberattacks.

Along with that, more and more companies started searching for other ways to strengthen their security in digital. One of the most common practices, that are widely used nowadays, is learning from the experience of other companies. This approach can help to define the weak points in a company's security, as well as understand what tactics ransomware uses to bypass the security system and harvest the sensitive data.

In this article, we'll uncover the most infamous and high-profile cybersecurity breaches that can help you to prevent potential system attacks and enhance your company's security performance.
#1 Japan's Biggest Weapon Maker Mitsubishi Heavy Industries Admitted the Security Breach
This high-profile incident happened a decade ago, in 2011 when the numbers of Japanese cyber crimes were 40% lower compared to the present statistics. Mitsubishi Heavy Industries (MHI), which is Japan's biggest weapon maker, reported its servers were hacked by ransomware after it discovered viruses on more than 80 of its servers and computers. After a detailed investigation, the company also stated that the internal systems were infected by at least eight viruses!

Most of those targeted a plant in Nagoya, where the company designs and builds guidance and propulsion systems for rockets and missiles, a shipyard in Nagasaki – the place of manufacturing destroyers, and a facility in Kobe, responsible for manufacturing submarines and parts for nuclear power stations, said in MHI.

Japan's defense minister claimed that hackers had not succeeded in accessing any important information from MHI, and the company has been instructed to "undertake a review of their information control systems". Nevertheless, the minister didn't mention who was responsible for the breach, the only thing known from the MHI report is that the Chinese language was identified during the malware script analysis.
#2 The Data of 22 Million People May Have Been Stolen in Yahoo Japan Security Breach
In May 2013, Yahoo Japan reported that one of their internal files, containing 22 million user IDs was probably leaked as a result of unauthorized access – to be clear, the potential data breach may have affected 10% of Yahoo's user base. That has a major public impact: Yahoo is the country's most-visited website, which is jointly owned by Yahoo and Japanese network operator Softbank.

After publishing an official statement concerning the breach on their homepage, Yahoo has claimed that all the affected users had been informed about the incident, and their IT department was currently strengthening the network security in the wake of the attack. Users were also recommended to change their passwords, while the company added a tool on its homepage that allowed users to check if their ID was at risk from the suspected breach.

Unfortunately, Yahoo Japan's users can't change their login IDs, which sometimes appear publicly: for example, when users post comments on shopping sites – without losing access to their current account's email and stored data.
#3 Up to 190,000 Flyers Affected From Japan Airlines Breach
As a result of the malware infection in September 2014, Japan Airlines has reported the personal information of up to 190,000 members may have been exposed. Mainly, the ransomware managed to access the members' personal information of its frequent flyer program, known as JAL Mileage Bank.

The 750,000 pieces of personal data that were affected included membership numbers, enrollment dates; names, birthdates, and gender; contact information, postal code and address, and personal work contact information. Luckily, there were no signs of passwords and credit card numbers have been stolen in the breach.

According to the internal investigation, approximately 21,000 pieces of personal data were sent to a remote server, but the company is unable to identify which specific customer information leaked.
#4 Traveling Agency JTB Leaked 7.93 Million Customer Records
A massive data leak occurred as a result of a serious attack targeting JTB Corporation servers in June 2016. According to the initial reports, the sensitive data of nearly 7.93 million people, who use JTB to book trips, may have been exposed. It includes customers' names, addresses, emails, and, in some cases, passport information – the local media outlet Japan Times stated about the leak of more than 4,300 valid passport numbers.

During the internal investigation, it was revealed that the source of the attack was a targeted email phishing campaign, in the attachments of which was a particularly stealthy trojan known as PlugX. After opening, it was activated and managed to spread throughout the network to infiltrate the entire company's database system.

Hiding a trojan or strain of malware is a common practice in many phishing attacks, so the victims who're tricked can potentially have their data leaked or even lost completely. That is why it's essential to always educate the internal staff on the instructions in case they receive an email from a suspicious or unknown sender.
#5 Over 260,000 Customers of Coincheck Cryptocurrency Platform Were Affected By a Cyberheist
A Famous Japan's Cryptocurrency platform Coindesk has lost some of its virtual assets in a hacking attack on its network in January 2017. For nearly 8,5 hours, hackers had access to the company's internal system, and according to the official statement of the company's chief operating officer, nearly 523m NEMs had been stolen. At the time of the breach detection, the overall losses were calculated at 58bn yen ($443.2 million). Naturally, this breach has also led to other cryptocurrencies dropping: for instance, Bitcoin has decreased by 3.4% and Ripple retreated by 9.9%.

The stolen assets were said to be kept in a "hot wallet" - a part of the exchange connected to the Internet. Coincheck said that as the result of an investigation, the IT department already estimated the digital address of where the assets were sent to. The overall number of affected clients is over 260,000 users and the company announced it will refund nearly $400 million to all the affected as the result of a hack.
#6 Messaging App Provider Line Corp. May Have Leaked Personal Data of Nearly 86 Million Users
According to sources in Japan Times, the personal information linked to nearly 86 million Line app users in Japan was compromised owing to the firm's allegedly 'flawed protection guidelines', which was revealed in March 2021. The user's app data of over 86 million people are considered to be compromised by technicians of Chinese origin at the Shanghai affiliate, who was entrusted with Japan's SoftBank Z Holdings company's system management.

The firm has rejected all the allegations of 'wrongdoing' citing company policies and so did the Live officials, who engaged in a spat with the Japanese government. The last party also denies the transfer or sharing of user data without prior consent: the texts and call contents between users on its platform are encrypted and it's not enough to mine the content of the data by accessing the database.

Nevertheless, to ensure the confidential information of their residents, Japan now plans to launch a legal inquiry into the matter under its privacy regulation targeted at protecting users' sensitive data in digital.
#7 Japanese Telecoms Giant NTT Reported About a Data Breach: Hundreds of Clients Affected
On May 7, 2021, Japanese telecommunications company Nippon Telegraph & Telephone (NTT) suffered a data breach, with hundreds of client records being leaked as result. Worth mentioning, that the company ranks 55th in the Fortune Global 500, is the fourth-largest telecommunications company in the world by revenue, and the fifth-largest publicly traded company in Japan.

The ransomware breached several layers of its IT infrastructure – presumably originating from an NTT based in Singapore, where they stole internal data on 621 customers from communications subsidiary NTT Communications. After accessing the sensitive information, hackers managed to upload it to a remote server in their control.

The unauthorized access was revealed 4 days after the breach occurred, according to the official sources, which calls into question the company's security and authority. Additionally, the company didn't uncover whether the customers, whose data leaked, were individual users or partner companies/service providers of NTT, but is reassured that all affected customers will be informed after the company knows "what should be notified".
#8 Japanese Government Agencies Suffered a Major Cyber Attack
In June 2021, several large government agencies in Japan reportedly suffered data breaches originating from Fujitsu's "ProjectWEB" information sharing tool. According to the official sources, the ransomware attack affected several governmental agencies at a time: the Japanese Ministry of Land, Infrastructure, Transport, Tourism, the Cabinet Secretariat, and the Narita International Airport.

To prevent the data disclosure, the Japanese IT equipment and services company was forced to deactivate Fujitsu's software-as-a-service (SaaS) platform. However, before that happened, hackers accessed 76,000 email addresses and email system settings through the system's file-sharing tool. Additionally, the criminals seized projects hosted on ProjectWEB and stole proprietary data, exfiltrated the flight data from Narita Airport, and exposed study materials from Japan's Ministry of Foreign Affairs.

Similar to the SolarWinds attack in the US, ransomware is targeting widely deployed platforms and aims to steal sensitive government data and disrupt critical infrastructure. The attack didn't appear to be financially motivated, and neither its complicity with the Olympics was confirmed. It's also worth mentioning that it's not the first incident of ransomware hitting Japan's government agencies in a month. Earlier, hackers compromised Solito's file-sharing server that affected Japan's Prime Minister's office.
#9 Japan's "K" Line Has Suffered from Several Cyberattacks in Months
Japanese shipping company Kawasaki Kisen Kaisha, known as the "K" Line, has issued an official statement confirming the second security breach in July 2021. The breach occurred due to the "unauthorized access to overseas subsidiary systems."

In their official statement from July 1st, the company's officials said they're "aware that information and data alleged to have been acquired from an overseas subsidiary system was published recently." The third-party expert analysis has found no signs that the ransomware still has access to the system, but the other details, such as who stands behind the breach and what exactly data was affected remain unclear. During the recovery, the company has reported that they've reinforced the internal security measures against viruses and external attacks, improved their early detection, and better control of internal data.

It's also worth saying that the "K" Line had only recently recovered from a previous cyberattack, which took place 3 months ago, on March 2021. Similarly, criminals gained access to the system through an overseas affiliate of the shipping line. Then, the company was however forced to temporarily shut down its enterprise systems and its external connections, though neither their data was lost nor the operations of their global fleet were impacted.
#10 Tokyo Olympics Hit By Cyberattack A Week After the FBI Warning
On July 27, 2021, a Japanese government official revealed that the Tokyo Olympics 2020 has been hit by one last week. According to the official information, the personal data of the event's ticket holders, as well as event volunteers, have been leaked online.

The stolen data also includes personal credentials such as usernames and passwords which can be used to access Tokyo 2020 websites aimed at volunteers and ticket holders. Moreover, the sensitive data such as names, addresses and bank account numbers linked with these credentials might have all been compromised as well.

Still, the organization has claimed that this leak wasn't "large" in scale and all the necessary measures were already being taken to limit the spread of compromised data.

In addition to that, the official sources mentioned that the Japanese government has received a notice about the potential cyber threats at the Olympics 2020 shortly before the attack by the Federal Bureau of Investigation (FBI), which means the organization could have taken precautionary steps to prevent or at least minimize the effect of this breach.
#11 Japanese Beauty Retailer Acro Has Been Hit by a Third-Party Data Breach
As a result of a major hacking attack, more than 100,000 payment cards across two of Acro's beauty product websites have been exposed. The official sources revealed that the ransomware attack on Three Cosmetics and Amplitude's domains may have affected the personal data of consumers who purchased items between 21st May 2020 and 18th August 2021.

After the hacking attack was discovered, Acro issued a report to law enforcement and Japan's Personal Information Protection Commission. To initiate an internal investigation, all four domains of the company were taken offline the next day after the discovery, with the third-party experts being involved to study the reasons for the breach and possible ways of security improvement. Additionally, the company has notified all the potentially affected customers, urging them to monitor their financial statements for suspicious activity.

The analysis of this incident indicated that the attack probably took place due to the vulnerability of the payment processor's systems, which were utilized by both domains. The stolen sensitive data of clients included cardholder names, payment card numbers, dates of expiry, and security codes. It's worth mentioning that financial data, as well as personal information, is a common target of data miners, as it's highly valued on the Darknet.
#12 Japanese Electronics Giant Panasonic Disclosed Data Breach
Japanese multinational conglomerate Panasonic has disclosed a security breach by ransomware, which accessed servers on its network on November 11, 2021. During the internal investigation, the company determined that "some data on a file server" had been accessed during the third-party intrusion.

After the incident was revealed, the IT department immediately shut off the access route, reset all user credentials, and strengthened access monitoring. Moreover, the company has issued the report to relevant authorities and implemented "security countermeasures" - including "steps to prevent external access to the network." To investigate a potential data leak, Panasonic has also brought on a non-biased expert to determine whether or not the customer's personal data and/or sensitive information was affected.

It's also important to admit, that it wasn't the first attempt of ransomware to illicitly access Panasonic's servers: similar accidents occurred earlier this year between June 22 and Nov 3. With this said, it becomes more than clear that the attempts to access data stores are happening more frequently than ever. So, every organization should consider the effective precautions to resist possible hacking attacks, yet "build a solid strategy of how to build resilience into company systems, so rebooting can happen swiftly, if needed", said Alex Pezold, a former information security specialist for the U.S. Department of Commerce.
#13 Japanese Factories of Toyota Motor Corp. Shut Down Its Computer Systems Due to a Major Cyberattack
In February 2022, the world's top auto producer halted operations at all 14 plants in its home country due to a serious cyberattack on its internal systems. The news that one of the Japanese Toyota Motor Corp.'s servers was a subject of a suspected ransomware attack was confirmed by the Kojima Press Industry Co., the company which designs, manufactures, and sells metal, plastic, and electronic components for Toyota. This supplier informed its clients about the determined infection with a virus and threatening messages received.

According to Shiori Hashimoto, Toyota's spokesperson, a one-day stoppage for its factories in Japan translates to roughly 13,000 vehicles. So, while in January the production fell 15% due to the mass-testing measures of Tianjin's residents in China, because of the server breach in February, Toyota Motor Corp.'s output was impacted by about 5% for the month.

The attack hinders Toyota's efforts to return to pre-Covid performance due to the pandemic restrictions and chip shortages, as the global demand for new vehicles is continuously increasing. Additionally, the system outages are affecting other Toyota affiliates, such as Hino Motors Ltd., Daihatsu Motor Co., and more.
#14 Over 1.6 Million Affected Due to a Data Breach at Japanese Candy Maker Morinaga
Japanese confectionery manufacturer Morinaga reported a suspected activity on its online store on March 29, 2022, which could be a result of unauthorized access. The first inspection has shown that the personal information of more than 1.6 million customers may have leaked as a result of this breach. According to the official sources, the potentially exposed information includes the names, addresses, phone numbers, dates of birth, purchase histories, and, in fewer than 4,000 instances, email addresses of affected Morinaga Direct customers. Among the apologies to all the affected – customers, business partners, and other stakeholders – Morianga also mentioned that the exposed information didn't cover credit card information. Overall, the breach may have affected customers who bought products from the candy maker between May 1, 2018, and March 13, 2022.

The company suspects that hackers could have also accessed several servers managed by the vendor after exploiting vulnerabilities in its network, with some data had been locked by ransomware.
Wrapping Up
Regardless of the business, improving the security of a company is an ongoing process that requires deep analysis and proactivity. Nevertheless, with the increasing number of cyber-attacks in Japan, this is an important process that shouldn't be overlooked today. Learning from the experience of other Japanese companies can help you and your company to deeper evaluate the security of your company or enterprise, save up lots of resources and costs for the after-breach restoration and protect your business credibility.

Do you want to ensure the safety of your business? Then, don't hesitate to use Cyberland's API penetration testing services, so we would thoroughly analyze your IT infrastructure to detect potential security weaknesses and offer best possible solutions to them. Team