Incident Details
Deficiencies in data security management persisted for an extended period, leading to a 10-year exposure of personal data affecting approximately 9 million individuals stored within a branch of Nippon Telegraph and Telephone West Corp. (NTT West). This breach highlights a substantial breakdown in the company's security protocols and a notable failure in conducting routine security checks and supervision. Beyond being an isolated incident within a subsidiary, the breach has sparked concerns regarding the accountability and trustworthiness of NTT West and the larger NTT group, a prominent telecommunications conglomerate in Japan.
Incident
How Did the Breach Happen?
For a decade, a previous temporary worker at NTT Business Solutions in Osaka illicitly extracted personal data from the call center computer system.
What Data has been Compromised?
Information that has been breached consists of the personal details, such as addresses, names, and phone numbers, of around 9 million people.
Why Did the company's Security Measures Fail?
The security protocols of the company were deemed inadequate as they lacked preventive measures like limiting data downloads to devices and prohibiting the use of personal USB devices. Additionally, there was a lack of scrutiny in identifying unusual behavior and tracking system access.
What Immediate Impact Did the Breach Have on the company?
The company's reputation and credibility suffered as a result of the breach, leading to anxiety and concern among clients and partner organizations who had entrusted their call center operations to NTT Business Solutions.
How could this have been prevented?
To avoid the breach, it could have been stopped by putting in place preventative actions like limiting the ability to download data onto devices, banning the usage of personal USBs, and setting up a system for identifying questionable behavior and overseeing system entry.
What have we learned from this data breach?
The incident of data breach underscores the significance of enforcing robust data protection practices, routinely performing security assessments and monitoring, and promptly remedying any deficiencies or weaknesses in the system.
Summary of Coverage
The disclosure of personal data spanning a decade from a branch of NTT West has sparked significant worries regarding the accountability and dependability of the entire NTT group. The security breach occurred due to a former staff member illicitly extracting personal data from the call center system of the company. The compromised information comprises the contact details, names, and telephone numbers of about 9 million people. This breach could have been averted by enforcing more rigorous security protocols and consistently supervising the system. This event underscores the significance of robust data security procedures and promptly remedying any weaknesses in the system.