[2023] Record Number of Corporate Personal Information Leaks and Losses! Thorough Explanation of Causes and Countermeasures


In 2023, incidents of personal information leaks and losses reached a record high. This article analyzes the causes of these security incidents and provides a thorough explanation of the countermeasures that companies should take immediately.

Table of Contents

  1. 2023: Personal Information Leaks and Losses Reach Record High
    1. From Tokyo Shoko Research’s Survey on Personal Information Leaks and Losses of Listed Companies
    2. Many Large-Scale Information Leaks and Ransomware Attacks Occurred
  2. Top 3 Causes
    1. Top Cause: Virus Infection/Unauthorized Access
    2. Increased Human Error! Pay Attention to Misdisplay/Mis-sending
    3. Increasing Unauthorized Removal/Theft
  3. What Companies Should Do Immediately
    1. Strengthening Security Measures
    2. Improving Information Management Systems
    3. Thoroughly Raising Employee Security Awareness

1. 2023: Personal Information Leaks and Losses Reach Record High

According to a survey by Tokyo Shoko Research, the number of personal information leaks and losses in 2023 was 175, with over 40.9 million personal data leaked. Let’s analyze the latest trends based on these results.

1-1. From Tokyo Shoko Research’s Survey on Personal Information Leaks and Losses of Listed Companies

According to Tokyo Shoko Research’s “2023 Survey on Personal Information Leaks and Losses of Listed Companies,” the number of personal information leaks and losses that occurred in listed companies and their subsidiaries in 2023 was 175, with over 40.9 million personal data leaked, both of which are record highs.

This tally includes only incidents that companies voluntarily disclosed, but even so, the amount of personal information that may have been leaked or lost totals 166.62 million people since the survey began in 2012, which is clearly a huge amount.

The most common cause of these security incidents is virus infection/unauthorized access, followed by human error and unauthorized removal/theft. In particular, 2023 was a year in which large-scale information leaks and ransomware attacks occurred one after another, leading to an increase in the scale of damage.

1-2. Many Large-Scale Information Leaks and Ransomware Attacks Occurred

In 2023, the following information leaks and ransomware attacks were confirmed:

  • In June 2023, Gulliver, a major used car sales company, announced that 2.4 million items of personal data may have been leaked due to a ransomware attack.
  • In July 2023, a ransomware infection caused a system failure at the Nagoya Port Transportation Association, suspending operations for several days.
  • In October 2023, an NTT Group company announced that a former temporary employee had taken out the personal information of 9.28 million people without authorization.
  • In November 2023, LINE Yahoo Corporation experienced a leak of over 400,000 items of personal data due to unauthorized access triggered by a malware infection.

It can be said that all of these cases were caused by insufficient security measures by companies.

However, this is just the tip of the iceberg. All other companies must strengthen their information security measures and thoroughly educate their employees to prevent personal information leaks.

2. Top 3 Causes

So, why do so many security incidents such as personal information leaks occur?

Below, we will explain the top 3 causes of accidents.

2-1. Top Cause: Virus Infection/Unauthorized Access

Accidents caused by “virus infection/unauthorized access” accounted for 93 of the 175 cases, more than half.

A computer can be infected with a virus or other malware simply because a user inadvertently opens a malicious file attached to an email or clicks a malicious URL link. Once installed, the malware masquerades as a legitimate program or file and stays hidden while it carries out unauthorized activities.

As a result, it often extracts information or maintains unauthorized access without the user noticing.

Malware may also create backdoors to make later attacks from the outside easier. In addition, external storage media such as USB memory sticks can carry virus/malware infections. Attackers may also gain unauthorized access by exploiting system vulnerabilities or cracking weak passwords.

2-2. Increased Human Error! Pay Attention to Misdisplay/Mis-sending

Human errors such as accidentally publishing important information on external websites or sending emails containing customer information to the wrong person are also increasing.

In particular, email is an essential tool for exchanging information between companies, and because it is used so heavily, checks often fail to work and emails go out with errors.

For example, mistakes such as incorrect destination email addresses, attaching the wrong file, or mistakenly listing customer addresses that should be in BCC in TO or CC are common.

To prevent these errors, it is necessary to thoroughly educate employees, review operations to prevent errors, and introduce mechanisms to check for errors.
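The mis-sending errors listed above (customer addresses in TO or CC instead of BCC, a mistyped destination, an attachment going outside the company) can be caught by a pre-send check on the mail client or gateway. The following Python is an added example, not code from the survey or from any product mentioned on this page; the domains, the threshold and the finding codes are assumptions chosen for illustration.

```python
from email.message import EmailMessage
from email.utils import getaddresses

INTERNAL = {"corp.example"}             # assumed: the sender's own domain
KNOWN = INTERNAL | {"partner.example"}  # assumed: domains this team normally mails
MAX_VISIBLE_EXTERNAL = 3                # assumed: more than this in To/Cc suggests BCC

def _domain(addr):
    return addr.rsplit("@", 1)[-1].lower()

def _one_edit_apart(a, b):  # one inserted, deleted or replaced character
    if a == b or abs(len(a) - len(b)) > 1:
        return False
    if len(a) > len(b):
        a, b = b, a
    i = 0
    while i < len(a) and a[i] == b[i]:
        i += 1
    return a[i + 1:] == b[i + 1:] if len(a) == len(b) else a[i:] == b[i + 1:]

def check_outbound(msg):
    """Return finding codes for an outbound message; an empty list means release it."""
    def addrs(*headers):
        values = [v for h in headers for v in msg.get_all(h, [])]
        return [a.lower() for _, a in getaddresses(values) if "@" in a]
    visible, everyone = addrs("To", "Cc"), addrs("To", "Cc", "Bcc")
    findings = []
    # Customer addresses exposed to each other: many external recipients in To/Cc.
    if len({a for a in visible if _domain(a) not in INTERNAL}) > MAX_VISIBLE_EXTERNAL:
        findings.append("bcc-expected")
    # Mistyped destination: an unknown domain one keystroke away from a usual one.
    unknown = {_domain(a) for a in everyone} - KNOWN
    if any(_one_edit_apart(d, k) for d in unknown for k in KNOWN):
        findings.append("lookalike-domain")
    # Wrong-file risk: hold any attachment leaving the company for confirmation.
    leaves_company = any(_domain(a) not in INTERNAL for a in everyone)
    if leaves_company and any(part.get_filename() for part in msg.walk()):
        findings.append("attachment-to-external")
    return findings

def build(to="", cc="", bcc="", attach=False):  # constructed sample mail, not real traffic
    m = EmailMessage()
    for header, value in (("To", to), ("Cc", cc), ("Bcc", bcc)):
        if value:
            m[header] = value
    m.set_content("Notice to customers")
    if attach:
        m.add_attachment(b"id,name\n", maintype="application", subtype="octet-stream", filename="list.csv")
    return m
```

A message that returns any finding would be held for the sender to confirm before it is released.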

2-3. Increasing Unauthorized Removal/Theft

There have been cases of simple mistakes, such as accidentally losing data copied to a USB memory stick when transporting it to another business location, but there have also been many cases of removal or theft due to criminal activity, such as malicious individuals selling large amounts of personal information to list vendors.

It is important to create mechanisms and systems that make it difficult to take data out of the company.

3. What Companies Should Do Immediately

A personal information leak not only greatly damages trust but can also result in significant damages.

Here, we will explain in detail the three measures that companies should take immediately to prevent information leaks.

3-1. Strengthening Security Measures

In addition to installing security software, always apply security updates to prepare for the latest threats.

Security software that covers malware infection, phishing, and ransomware can protect confidential data and prevent personal information leaks. Functions that prevent files from being taken out on external storage media such as USB memory sticks are also essential for preventing information leaks.

Also, leaving system vulnerabilities unaddressed can lead to unauthorized access and attacks.

Regularly conduct vulnerability assessments on the entire information system and promptly fix any vulnerabilities found.

3-2. Improving Information Management Systems

It is essential to appoint a person in charge of information security and strengthen the system.

In general, the business owner should sit at the top of the information security organization, with an information security manager appointed under them. Then develop a security policy for the company and, at the same time, create an incident response manual.

One small mistake can lead to a large-scale information leak.

Formulating an appropriate security policy for the handling of information is an important first step in information leak countermeasures.

Also, create a manual that clearly describes the response procedures in the event of an information leak, along with specific examples, so that you can respond quickly.

3-3. Thoroughly Raising Employee Security Awareness

In training, include not only a basic overview of information security in general, but also the latest threats and specific response methods to raise security awareness.

Of course, you shouldn’t just do training once and be done with it.

Regularly update the training content and make sure that everyone takes the training at least once a year.

Also, thorough management of strong passwords is one of the important information leak countermeasures.

Training should teach employees to set complex, difficult-to-guess passwords. If possible, also adopt measures that further strengthen the security of the entire company, such as multi-factor authentication.

Summary

2023 can be said to be a year in which the importance of personal information protection has increased for companies.

Companies must proceed with the development of measures to prevent personal information leaks and losses, referring to the above measures.

Also, each employee recognizing the importance of information security and taking appropriate actions will be key to protecting the company’s trust and achieving sustainable growth.

For EXO Security inquiries, please contact globalsupport@jiran.com.
