TOKYO -- The computer virus behind travel agency JTB's potentially massive customer data leak was identified Thursday as PlugX, a component of previous attacks on defense-sector companies that is frequently sent from China.
The breach, revealed Tuesday, may have compromised the personal information of as many as 7.93 million customers. JTB said on its website Thursday that customers who may be affected would be contacted by email.
But the torrent of phone inquiries continued. A hastily assembled band of 300 operators had received a total of around 10,000 calls as of Thursday morning. The Japan Tourism Agency has ordered JTB to give a detailed account of the attack and report on measures to prevent a recurrence by June 24.
PlugX lets infected computers and servers be accessed and controlled remotely. The virus has "been used to attack materials makers, information technology companies and other enterprises related to technology and defense, even in Japan," said Shinsuke Honjo, a senior staff research analyst for U.S. information security firm FireEye in Japan. Research into past PlugX cases shows that senders of the virus have often "given signs that they are in China," he said.
The virus frequently spreads through email. In JTB's case, the point of attack was an attached file unwittingly opened by an employee. The email was reportedly disguised as being from All Nippon Airways, a JTB partner.
Many companies, JTB included, warn employees to exercise caution when opening attachments to prevent such targeted attacks. But the problem continues to grow in Japan. The number of email attacks targeting a particular company rose 30% in 2015, Japan's National Police Agency said. Companies must continue to educate employees and take tougher countermeasures to bring the problem of data breaches under control.
(Nikkei)
