national

City in Hyogo Prefecture loses memory drive with info on all 460,000 residents

35 Comments

The requested article has expired, and is no longer available. Any related articles, and user comments are shown below.

© 2022 AFP

©2022 GPlusMedia Inc.

35 Comments
Login to comment

How and why are governments handing over our personal data to shady corporations!?!?!?

"contractor, whose name has not been disclosed...."

Secret corporations, at that!

I once got a letter from a private company I had never heard of demanding that I tell them my My Number number. The firm said it had been contracted by one of my employers to manage my personal data. I told them to stuff it!

17 ( +19 / -2 )

A guy I know lost a company laptop on a train. He got demoted and had to sell his house and moved his family to an apartment. Last time I spoke to him his wife had banned him from drinking for the rest his life. I met outside the station combini, he was drinking a beer.

17 ( +20 / -3 )

According to earlier reports yesterday the USB was lost in Suita City, the man had got very drunk, fell asleep in the street and did not wake until sometime between 2-3am on Tuesday morning. Also it was the mayor of Amagasakh that apologized yesterday.

12 ( +13 / -1 )

the man had got very drunk, fell asleep in the street and did not wake until sometime between 2-3am on Tuesday morning

Gross misconduct. That warrants instant dismissal.

12 ( +12 / -0 )

Er.. Cloud storage? Data encryption?

These are things that exist...

11 ( +11 / -0 )

When he lost this small USB drive, did also, and completely coincidentally, find a large wadge of cash?

8 ( +15 / -7 )

@JeffLee

I once got a letter from a private company I had never heard of demanding that I tell them my My Number number. The firm said it had been contracted by one of my employers to manage my personal data. I told them to stuff it!

8-9 years ago did I receive a letter with a 500 JPY-coupon from Benesse to apologize for leaking my data (the leak did make some waves back then).

The problem being that I NEVER had any dealings with Benesse, I even checked whether I may have had some with one of their subsidiaires or affiliates, but nope I never even remotely came close to Benesse!

To this day, I do not know what is the most infuriating:

.that Benesse lost my data

.that they graciously offer me 500 JPY as an apology

.that they (somehow) got my data to start with!!!!

As far as data handling goes, are Japan Inc. and J-gov the same: completely and utterly untrustworthy.

8 ( +10 / -2 )

This isn't the city's fault. It's the private contractor's fault. Have they been fired? Why haven't they apologized?

The city entrusted them with what should be treated as important information, but they allowed an employee to take it home. That is not data security, or at least a level of data security that needs to be outsourced. I'm sure the city would have been capable of this level of incompetence on its own.

6 ( +6 / -0 )

And there was no back up? Unbelievable!

*"The information was copied onto the USB to facilitate its transfer to a call center in nearby Osaka."*

4 ( +4 / -0 )

@BertieWooster

And there was no back up?

The data was copied not moved, so the data is on the PC!

The information was copied onto the USB

4 ( +4 / -0 )

whooooooopsie

4 ( +7 / -3 )

Japan Inc at its best...anyway still progress if compares to piles papers from fax and handwritten notes in some old suitcase...

4 ( +6 / -2 )

The data was copied not moved, so the data is on the PC!

... running Windows XP.

4 ( +6 / -2 )

But there may be a silver lining, as the city says the data was encrypted and the USB locked with a password. So far, officials said, there was no sign the information had been accessed.

All public servants in Japan are required by law to do this to all electronic devices where sensitive information is stored, so at least the person that handled the USB to the contractor did things correctly.

Very soon this incident will be included in the yearly training of cyber-security the officials also have to take.

3 ( +7 / -4 )

Well, at least it wasn't on floppy or CDROM.

3 ( +5 / -2 )

Isn't outsourcing part of the problem?

3 ( +3 / -0 )

So the individual responsible really was drunk and really does remember nothing!

If it was properly encrypted, it shouldn't be a problem. Next time just e-mail the encrypted file. Bog standard e-mail is not secure, but there are secure options and unless you are a target of the NSA, encrypting the file should be enough.

It's Japan. It's probably been handed in at a koban.

If Japan wants some payback for the historic loss of IP, leave some large files of gibberish on an unsecured JR server in a folder named 'Maglev Schematics Encrypted'. Anyone 'finding' it can spend some time trying to 'decrypt' it.

2 ( +3 / -1 )

@virusrex

But there may be a silver lining, as the city says the data was encrypted and the USB locked with a password. So far, officials said, there was no sign the information had been accessed.

All public servants in Japan are required by law to do this to all electronic devices where sensitive information is stored, so at least the person that handled the USB to the contractor did things correctly.

Very soon this incident will be included in the yearly training of cyber-security the officials also have to take.

Sorry, but I think you are being overly optimistic on this topic.

I've been working in the internal audit / internal control and risk management-field in Japan for the last 18 years. In 2022, I still have to tell people to not share their passwords or tell their password to people calling them on the phone. Also haven't seen much encryption in this country. (full disclosure: I haven't worked on the public side, only corporate-side.)

As in the above case, should the administration have run an audit on the controls in place at the prospective vendor, but such a process seems (as far as I could see) pretty much unknown in Japan (it's standard abroad though). So, either the administration didn't do that or they did and the vendor lied. I'm pretty sure that everybody will, as usual, blame the "black sheep" and toss him/her under the train to avoid the need to ask and answer more questions, there is even a Japanese word for it: 尻尾切り(shippokiri, "cutting the tail").

On similar topics, I recall a case 5-6 years ago(?) where HDDs from the Ministry of Defense found their way on auction sites! I don't recall if it was the person in charge in the Ministry or the guy at the vendor who instead of degaussing (and render the HDDs unusable), just "deleted" the data and sold them as a lucrative side-business. Back then, the Ministry was in full-panic mode trying to identify all buyers and getting the HDDs back...

Going forward, one also just needs to look at the leaks in and around MyNumber and the news as to how hellbent the J-gov is to "get it done", even if it means cutting corners wherever they can with leaks occurring pretty much all across the board (a few years ago did the pension administration lost 5 Mio man-data and the tax-office 750K man-data related to MyNumber).

IF, and that is a big "if", the data really was encrypted, this would mean that, yes, one guy did his job (and followed the security policy) or, (in case of absence of a policy), used his brain. But my overall professional impression is that this is an exception in the cesspool that is data security in Japan...

2 ( +4 / -2 )

How and why are governments handing over our personal data to shady corporations!?!?!?

I don't even like the government having my bank info in the first place with all of the incompetence going on.

2 ( +2 / -0 )

And there was no back up?

You seem to be missing the point. The whole city's personal info is likely in someone else's hands, and now they will definitely crack the pw and decrypt the information since they know what is on it. Already fake versions of the drive are being sold online.

2 ( +2 / -0 )

They say it is encrypted with a password, I hope it isn't something like 1234 or abcd or 0000, which are very popular!!!!

Doesn't matter. A simple tool will crack the pw with ease. Encryption probably won't be a problem either.

2 ( +2 / -0 )

And there was no back up?

Unbelievable!

On a USB stick?

All the data?

On ONE USB stick?

Apart from the personal data aspect, how much is it going to cost us taxpayers to re-enter all this data onto a new USB stick?

1 ( +9 / -8 )

This is why I hate giving over any personal information in Japan. You know it’s likely going to end up on a floppy disk unencrypted in someone’s briefcase.

1 ( +3 / -2 )

running Windows XP.

Probably 98

1 ( +3 / -2 )

I'm more focused on the fact that the data was stored on a thumb drive instead of a CD-rom or floppy disk. Progress!

On a more serious note, the citizens should take action again the city for gross mishandling and carelessness. What was the contractor even doing having the thumb drive on him while he was out drinking the night away?

1 ( +1 / -0 )

I was shocked when I saw this news on TV. How irresponsible!

1 ( +1 / -0 )

This is exactly why I am VERY concerned about My Number system!!! They say it is encrypted with a password, I hope it isn't something like 1234 or abcd or 0000, which are very popular!!!!

1 ( +1 / -0 )

The BBC article on this said the guy passed out drunk in the street and that's when he lost it, along with his bag.

1 ( +1 / -0 )

Er.. Cloud storage? Data encryption?

These are things that exist...

And by law not all can be used precisely because they are not perfect and can be accessed improperly, which leads to these kind of situation.

I've been working in the internal audit / internal control and risk management-field in Japan for the last 18 years. In 2022, I still have to tell people to not share their passwords or tell their password to people calling them on the phone. Also haven't seen much encryption in this country. (full disclosure: I haven't worked on the public side, only corporate-side.)

Public service is a huge mess of paperwork and infinite redundant processes, depending on the place for the information to leave as in that USB several forms have to be filled first asking for permission, then informing the intention to do it and finally to report it was done, checklists with the sofware used for encription and the password used, etc are also common. The contractor should also be qualified by whatever biosecurity committee to handle the information, but obviously this was not enough. For example it is explicitly prohibited for the USB to be separated from the person carrying (putting the bag on the space above the seats in the train is not even allowed). The password is also supposed to be send by e-mail separately, so unless the info is leaked on purpose it can be considered relatively safe.

There are probably many leaks already happening, but this case is not a likely source.

0 ( +0 / -0 )

I remember a previous incident involving a floppy and I commented that maybe it's lucky it's only a floppy.

Now we see what happens when it is a USB...

0 ( +1 / -1 )

was carrying the memory stick during drinks after work.

The individual was probably pressured to go out for drinks with the boss.

It's Japan. It's probably been handed in at a koban.

There is a good chance its been returned to a koban, but unless someone specifically calls the koban and identifies the color, shape, make, style, of the bag containing the USB, they won't get it back. From my experience in Japan, they rarely try to find and contact the person who lost an item. Instead, you have to call around to a hundred different places first.

0 ( +1 / -1 )

*The city of Amagasaki in Hyogo Prefecture said Thursday that a private contractor, whose name has not been disclosed, was carrying the memory stick during drinks after work.*

Amagasaki anyone who knows this city and what kind of groups lurks in this city(yakuza) knows this is a wonderful place to loose a USB!

Private Contractor, really, wondering if this was really lost.

*It included the names, genders, addresses, birthdays and other personal information of all the city's residents, as well as tax data and bank account information on some locals, the city said.*

This would be a great opportunity for Yakuza

0 ( +0 / -0 )

The information was copied onto the USB to facilitate its transfer to a call center in nearby Osaka.

Welcome to Japan. A country that has only recently made the technological jump from floppy disk to USB drive.

If only there was some way of retaining the data, and granting secure access . . . .

Or

Transferring the data decurely without the use of a physical device which could get lost . . . . . .

0 ( +0 / -0 )

I'm rather surprised he didn't lose the papers with the data that were ready to be faxed. The fact that he lost the USB flash is absolutely astonishing and shocking to me, because I could not imagine such a level of technical maturity here... OK, sarcasm..

I bet the USB drive was not encrypted and the data were not in some extra container ala Veracrypt.

Unless they're just trying to hide that it wasn't secured in any way at all, then it's more likely to be a password protected Excel file. Which will be more likely if it really was passed between multiple places as mentioned. Because here as we know, no one is using any standard for communicating across the government so everyone has their own system (even most 区役所 in one city are using different systems) and in order to transfer it somewhere else and open it there, it has to be open in something that absolutely everyone has. And here it is - yes, the popular Excel.

Now they've apologized and no one is going to ask what's next, how this leak is going to be dealt with. If this happened somewhere in Europe or in countries where they have GDPR and generally high data protection at the state level, heads would already roll. And an apology would be the first and last thing anyone would do.

But yeah, 申し訳ございません、しょうがない、大変ですね。

0 ( +0 / -0 )

Most companies I have worked with, have a minimum 7-day backup, e.g. record back up of day's work each day for 7 days . . . . subsequent week overwrites previous week . . . .

-1 ( +0 / -1 )

Login to leave a comment

Facebook users

Use your Facebook account to login or register with JapanToday. By doing so, you will also receive an email inviting you to receive our news alerts.

Facebook Connect

Login with your JapanToday account

User registration

Articles, Offers & Useful Resources

A mix of what's trending on our other sites