231 people’s data likely stolen in cyberattack on Cabinet Office : The Asahi Shimbun

231 people’s data likely stolen in cyberattack on Cabinet Office
THE ASAHI SHIMBUN

April 23, 2021 at 19:14 JST



Photo/Illutration The building where the Cabinet Office is housed in Tokyo’s Chiyoda Ward (Asahi Shimbun file photo)

A file-sharing server used by the Cabinet Office and Cabinet Secretariat officials was illegally accessed and the personal information of hundreds of people may have been stolen, the Cabinet Office revealed on April 22.

The top government offices use the server to share files with outside organizations. The files involved in the data breach were determined to have contained the personal information of 231 people, officials said.

Officials confirmed that the data breach occurred by March 2020 at the latest, according to sources.

Officials determined that a large quantity of data was being sent out from the server, up until the point when the breach was detected.

The amount of data being transmitted reached a few gigabytes at a time, and officials may find that the scale of the data breach was much larger.

According to the Cabinet Office, the server equipment in question is called FileZen, which was developed by Soliton Systems K.K., a major IT equipment company based in Tokyo.

When government officials exchange files, such as internal documents, with outside third parties, they move the files onto the server temporarily so that they can be accessed and downloaded.

The government uses the server to prevent information from being leaked out in other ways, such as accidentally sending files to the wrong email address or losing USB memory sticks.

According to the announcement, the illicit server access was discovered in the middle of January.

Government officials stopped using the server and investigated the matter, and uncovered traces of a zero-day cyberattack, a term that means the hackers exploited vulnerabilities previously unknown by anyone else, even the server vendor.

The cyberattack allowed an unauthorized outside party to access the server and saved files.

The files accessed illicitly were compressed and copied over to an accessible location from outside.

Those files included the personal information of 231 people, including their names, professional affiliations and contact information.

Officials said that they alerted the 212 people they were able to contact and apologized for the security breach.

On top of the leaked personal information, another type of data was also illicitly accessed, sources said.

Officials said they discovered computer viruses on the server that can steal account IDs and passwords necessary for using the server.

Officials’ account information could have been sent out from the server, they said.

The Cabinet Office deals with a broad range of policy areas, such as economy and finance, regional revitalization, technology and gender equality.

The server is used by officials of the Cabinet Secretariat, the Reconstruction Agency, and the Personal Information Protection Committee, as well as Cabinet Office staff.

“We did not find any damage to our computer network within the Cabinet Office,” an official said. “We have redoubled our monitoring abilities against outside cyberattacks.”

The server is scheduled to return to use as of April 26.

According to Soliton Systems, about 1,100 FileZen servers are in use, mainly in Japan, and nearly 60 percent are used by government institutions.

Between December and March, Soliton Systems found security flaws that could allow the server to be breached and urged users to apply security patches.

(This article was written by Tatsuya Sudo, senior staff writer, and Hidemasa Yoshizawa.)