Recently, Kyushu Electric Power Co., Inc. made a troubling disclosure regarding a physical security breach that has compromised the private information of over 10 million of its customers.
According to an official statement released by the company, their IT team routinely conducts backups to manage server storage. However, due to space limitations, an external storage device was utilized for this purpose on April 27.
The storage device was securely kept in a cabinet within a server room, safeguarded by multiple layers of physical security. Shockingly, on May 26, when IT personnel went to retrieve the device, they discovered that the cabinet had been left unlocked, and the drive was missing.
Kyushu Electric Power Company serves as a vital regional electric utility in Japan, providing electricity to the Kyushu region, encompassing Fukuoka, Saga, Nagasaki, Kumamoto, Oita, Miyazaki, and Kagoshima prefectures.
With a population of 12.6 million in the Kyushu region, the company has confirmed that approximately 10.9 million customer accounts have been impacted by this unfortunate incident.
The missing drive contained sensitive data including customer names, service location addresses, electricity usage details, telephone numbers, names of retail electricity providers, and other pertinent information. Fortunately, no banking or credit card information was stored on the drive. Affected customers will be individually notified by the company in the near future.
Following the disappearance of the hard drive, extensive interviews were conducted with all personnel who had access to the server room. Despite thorough investigations, the drive remains unaccounted for.
Reports indicate that 57 individuals had access to the server room. Kyushu Electric Power Co. filed a police report on June 4, suspecting foul play in the disappearance of the drive.
NHK One disclosed that the Japanese Ministry of Economy, Trade, and Industry has mandated that the company provide a comprehensive report on the incident and the preventive measures implemented by July 8.
“The company is exploring all potential scenarios, including unauthorized removal of the device, yet it has not been located so far,” the statement reads.
The breach has been reported to Japan’s Personal Information Protection Commission and other relevant governmental bodies.
Security teams record 54% of successful attacks but only alert on 14%. The remaining threats go undetected in your system.
The Picus whitepaper demonstrates how breach and attack simulations test your SIEM and EDR rules to prevent threats from slipping past detection.
Get the whitepaper
EU Takes Action Against Instagram and Facebook for Violating Illegal Content Rules
Warning: Facebook Creators Face Monetization Loss for Stealing and Reposting Videos
Facebook’s New Look: A Blend of Instagram’s Style
Facebook Compliance: ICE-tracking Page Removed After US Government Intervention
Facebook and Instagram to Reduce Personalized Ads for European Users
InstaDub: Meta’s AI Translation Tool for Instagram Videos
Reclaim Your Account: Facebook and Instagram Launch New Hub for Account Recovery
Meta discontinues Messenger apps for Windows and macOS
Subscribe to our weekly newsletter below and never miss the latest News or an exclusive offer.
