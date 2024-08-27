An estimated 2 to 3 million customer records were leaked in a data breach involving Japan's four leading property and casualty insurers, sources close to the matter said Tuesday.

Information leaked from the four firms -- Tokio Marine & Nichido Fire Insurance Co, Sompo Japan Insurance Inc, Mitsui Sumitomo Insurance Co and Aioi Nissay Dowa Insurance Co -- included customer names, insurance policy numbers, insurance types, maturity dates and premium amounts.

The incident has raised concerns over lax information management practices prevalent in the industry, with suspicions that some of the leaked data may have been used for sales purposes.

The four companies that disclosed the breach in May are to report details to Japan's financial watchdog within the week. The agency will review the reports to consider specific measures to prevent a recurrence.

The leaks come on the heels of a recent series of scandals exposing industry-wide compliance issues, including insurance fraud by used car chain Bigmotor Co and collusion over insurance premiums for corporate customers and government agencies.

The data leak revolved around independent agents, such as car dealerships, that handle products from several insurance companies.

It was discovered that employees of insurers posted at independent agencies intentionally leaked contract information from other insurers to their own companies, possibly to gain insight into competitors' sales trends.

Sompo Japan employees at nine or more agencies leaked data like fire insurance contracts purchased at regional banks.

Numerous cases also revealed issues with information oversight at the agencies. When agency headquarters sent emails containing contract information for a particular insurer within their outlets, employees of other insurers ended up being included as recipients.

Insurers are required to supervise agencies, but they did not see the leaks as problematic and failed to stop the practice.

While it was initially estimated that between 151 and 268 agencies per insurer had leaked information, the number appears likely to be higher.

