ArrowArtboardCreated with Sketch.Title ChevronTitle ChevronEye IconIcon FacebookIcon LinkedinIcon Mail ContactPath LayerIcon MailPositive ArrowIcon PrintTitle ChevronIcon Twitter
Business

Benesse leak highlights security risks of outsourcing

Harada, right, apologized for the incident.

TOKYO -- The recent data breach at Japanese education company Benesse underscores the need for improved oversight of digitized customer data, which can be easily stolen by an unscrupulous contractor.

     Benesse Holdings Chairman and Chief Executive Officer Eikoh Harada apologized for the breach, which likely compromised 100 million pieces of customer data, at a news conference Thursday evening. "We must reflect sincerely on our security measures," he said.

     The suspect, Masaomi Matsuzaki, was a systems engineer at a company subcontracted to manage and maintain Benesse's customer information database. He used his access rights to illegally copy the data.

     The room containing the database terminal was closely guarded against outside intrusion, with a camera set up to constantly monitor the entrance. The terminal itself was set up to display an error message if an unapproved storage medium was connected.

     But the smartphone used to download the data was an advanced model able to evade this measure -- a vulnerability that Matsuzaki exploited.

     With more companies outsourcing maintenance of their electronic customer databases, such security breaches by contractors show no signs of stopping.

     Even if contractors sign nondisclosure agreements, it's difficult to get it across to individual employees, points out Kei Umebayashi at law firm Nishimura & Asahi.

     "At a site where people in various positions such as contractors and subcontractors go in and out, it's hard to detect misuse," admits a source at a database management company.

     One factor behind the distribution of leaked customer data is a law fully implemented in 2005 that made it more difficult to acquire information from Japan's resident registry.

     Much of the Benesse data dates from 2006 or later. Buying or selling stolen personal data is prohibited, so data brokers might have thrown doubt on how it was acquired. But if they claim they did not know that it was stolen, it is difficult to prove otherwise, making it impossible to control the flow of data once it has been leaked.

     Companies "have to enter nondisclosure agreements with individual employees, including those at contractors, and make it clear that there are penalties if they are violated, such as paying compensation for losses," Umebayashi says, stressing the need for stronger oversight.

     In response to the breach, Benesse has laid out measures to prevent a recurrence, including a review of the oversight framework and access rights granted to employees.

     "The ones who buy and use the data have to think more about compliance, including confirming where the information came from," says a source close to the Benesse investigation.

(Nikkei)

Sponsored Content

About Sponsored Content This content was commissioned by Nikkei's Global Business Bureau.

You have {{numberArticlesLeft}} free article{{numberArticlesLeft-plural}} left this monthThis is your last free article this month

Stay ahead with our exclusives on Asia;
the most dynamic market in the world.

Stay ahead with our exclusives on Asia

Get trusted insights from experts within Asia itself.

Get trusted insights from experts
within Asia itself.

Try 1 month for $0.99

You have {{numberArticlesLeft}} free article{{numberArticlesLeft-plural}} left this month

This is your last free article this month

Stay ahead with our exclusives on Asia; the most
dynamic market in the world
.

Get trusted insights from experts
within Asia itself.

Try 3 months for $9

Offer ends January 31st

Your trial period has expired

You need a subscription to...

  • Read all stories with unlimited access
  • Use our mobile and tablet apps
See all offers and subscribe

Your full access to Nikkei Asia has expired

You need a subscription to:

  • Read all stories with unlimited access
  • Use our mobile and tablet apps
See all offers
NAR on print phone, device, and tablet media

Nikkei Asian Review, now known as Nikkei Asia, will be the voice of the Asian Century.

Celebrate our next chapter
Free access for everyone - Sep. 30

Find out more