Learning from the NTT West Personal Information Leakage Incident: Internal Fraud and Information Leakage Issues and Countermeasures for Companies
Are you feeling anxious about security due to the NTT West personal information leakage incident? For companies and organizations, the leakage of personal information not only results in a loss of trust but also carries the risk of losing existing and potential customers, leading to decreased profits and sales.
It’s crucial to deepen your understanding of what to learn from the NTT West personal information leakage incident and what countermeasures are available to strengthen security.
This time, we will discuss what the NTT West personal information leakage incident is, why EXO Security can address the NTT West incident, and EXO Security’s endpoint security.
Table of Contents
- NTT West Personal Information Leakage Incident
  - Overview of the NTT West Personal Information Leakage Incident
  - Security Issues in the NTT West Personal Information Leakage Incident
  - Why Internal Fraudulent Information Leakage Was Left Unattended for Nearly 10 Years, Involving 9 Million Cases
- Why EXO Security Can Prevent Corporate Information Leakage Incidents in Advance
  - Prevent Data Removal via USB with Device Control Function
  - Enable Administrator or Supervisor Approval for USB and Other Device Usage
  - Restrict File Attachments by Blocking Applications
  - Restrict Programs with Screen Capture Function
  - Restrict Document Printing with Printer Control
  - Protect Personal Information and Confidential Data through Encryption
  - Eliminate Personalization with Web-Based Administrator Function
- What is EXO Security’s Endpoint Security?
- Summary
1. What is the NTT West Personal Information Leakage Incident?
First, we will explain what the NTT West personal information leakage incident is.
1-1. Overview of the NTT West Personal Information Leakage Incident
In the NTT West personal information leakage incident, a former dispatched employee of an NTT West subsidiary leaked approximately 9 million pieces of personal information over about 10 years. It was a malicious security incident in which customer data was saved to a USB memory stick, stolen, and sold to list vendors.
Recently, incidents of personal information leakage and information breaches have been increasing even at major, well-known companies that have security measures in place. These incidents are not something that only happens to others; treat them as something that could happen to your own organization, and take steps to avoid the risk.
References:
- NTT West Subsidiary’s Former Employee Leaks 9 Million Personal Information Items to List Vendors – Nikkei Business Daily
- [NTT West] Apology and Notice Regarding Unauthorized Leakage of Customer Information | News Release – Telecommunications/ICT Services/Solutions
1-2. Security Issues in the NTT West Personal Information Leakage Incident
- The rule prohibiting bringing in recording media such as USB memory sticks was not followed.
- There was no system in place to check the carrying in of recording media such as USB memory sticks.
- Although records remained in the logs, behavior detection was not performed immediately.
- Regular log checks were not performed sufficiently.
- IDs and passwords to enter the server were shared.
- No measures were taken against internal fraud.
- Internal fraud itself had not been recognized for many years.
The above are examples of the security issues in the NTT West personal information leakage incident. Every item concerns a basic security measure, and the situation was far too sloppy for a vendor responsible for system maintenance and management.
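The regular log check that the list above says was missing can be automated. The following Python script is an added example, not code from the original article or from EXO Security; the log format, field names, thresholds and sample lines are all constructed assumptions. It flags an account that logs in from two different hosts within a short window (a sign of shared credentials) and large exports to removable media.

```python
from datetime import datetime, timedelta

# Constructed sample log; the format is an assumption:
# timestamp,account,host,event,detail
SAMPLE_LOG = """\
2023-05-10T09:01:12,maint01,ws-101,login,
2023-05-10T09:03:40,maint01,ws-117,login,
2023-05-10T09:05:02,maint01,ws-117,export,records=120000;dest=removable
2023-05-10T10:15:00,ops02,ws-102,login,
2023-05-10T10:20:31,ops02,ws-102,export,records=40;dest=fileserver
2023-05-10T13:00:00,maint01,ws-101,login,
"""

SHARE_WINDOW = timedelta(minutes=30)  # assumed threshold for "same account, two hosts"
MAX_REMOVABLE_RECORDS = 1000          # assumed per-export limit for removable media


def parse(log_text):
    """Yield (timestamp, account, host, event, fields) for each log line."""
    for line in log_text.strip().splitlines():
        ts, account, host, event, detail = line.split(",", 4)
        fields = dict(kv.split("=", 1) for kv in detail.split(";") if "=" in kv)
        yield datetime.fromisoformat(ts), account, host, event, fields


def review(log_text):
    """Return findings as (rule, account, description) tuples, in log order."""
    findings = []
    last_login = {}  # account -> (time, host) of the most recent login
    for ts, account, host, event, fields in parse(log_text):
        if event == "login":
            prev = last_login.get(account)
            # Same account on a different host shortly after: likely a shared ID.
            if prev and prev[1] != host and ts - prev[0] <= SHARE_WINDOW:
                findings.append(("shared-account", account, f"{prev[1]} and {host}"))
            last_login[account] = (ts, host)
        elif event == "export" and fields.get("dest") == "removable":
            count = int(fields.get("records", 0))
            if count > MAX_REMOVABLE_RECORDS:
                findings.append(("bulk-removable-export", account,
                                 f"{count} records on {host}"))
    return findings


if __name__ == "__main__":
    for finding in review(SAMPLE_LOG):
        print(finding)
```

Running a check like this on a schedule and routing the findings to someone other than the system's maintainers addresses both the delayed detection and the insufficient log review noted above.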
1-3. Why Was Internal Fraudulent Information Leakage Left Unattended for Nearly 10 Years, Involving 9 Million Cases?
The reason why internal fraudulent information leakage was left unattended for nearly 10 years, involving 9 million cases, is that the technician involved in the system maintenance and management committed the internal fraud himself.
The fraud was carried out by someone who understood the technical security risks, and other managers and colleagues who were unfamiliar with security and technology could not detect it. Another significant reason is that, even when personal information is leaked, the individuals affected cannot tell where it was leaked from. If they have registered with various online services, an increase in malicious solicitations or spam does not reveal the source of the leak, and it is difficult to call for caution. As a result, detection was delayed, and the case was left unattended for many years.
2. Why EXO Security Can Prevent Corporate Information Leakage Incidents in Advance
Next, we will explain why EXO Security can address the NTT West incident.
2-1. Prevent Data Removal via USB with Device Control Function
EXO Security has a device control function that can prevent data removal via USB. In the case of the NTT West incident, data was physically removed using a USB memory stick, so there is no doubt that this function could have prevented the removal.
2-2. Enable Administrator or Supervisor Approval for USB and Other Device Usage
EXO Security also has a function that allows administrator or supervisor approval for USB and other device usage. Even in highly secure maintenance environments that are isolated from the network, data can be input and output as needed, and it is possible to manage completely who is moving data in or out and with which device. Therefore, personal information leakage like the NTT West incident could have been detected early.
2-3. Restrict File Attachments by Blocking Applications
EXO Security can set control policies for each application, so data removal and file attachments can be restricted in applications that do not need them. It can also block uploads of files containing personal or confidential information to cloud storage or chat tools, providing multiple security measures against data being taken outside. In the NTT West incident, the person in charge was able to remove data at will, so there is a high possibility that the application blocking function could have prevented it.
2-4. Restrict Programs with Screen Capture Function
The NTT West incident involved a USB memory stick, but there are also cases where data is removed as images using screen captures. EXO Security can restrict programs that have screen capture functions, so it can also prevent personal information from being stolen as images.
2-5. Restrict Document Printing with Printer Control
Similarly, although the NTT West incident involved a USB memory stick, there are also cases where personal information is printed out and removed using a printer. EXO Security can restrict document printing through printer control, so there is a very high possibility that it can prevent data leakage through channels other than USB memory sticks.
2-6. Protect Personal Information and Confidential Data through Encryption
In the case of NTT West, there is a high possibility that the information taken out was not encrypted and could be used as is. EXO Security can automatically detect files containing personal information such as My Number, as well as confidential company information, and automatically encrypts and protects data that matches the policy set by the administrator. It can also investigate the amount of data held on the PC. Because personal and confidential data is detected and encrypted automatically, there is a high possibility that, had this been in place, the data would not have been sold to list vendors or misused even if it had leaked.
2-7. Eliminate Personalization with Web-Based Administrator Function
EXO Security has a web-based administrator function, so you can monitor the maintenance and management status from another location. It also provides real-time detection and monitoring of various logs, so security incidents and security risks can be recognized immediately, without relying only on people with technical skills.
3. What is EXO Security’s Endpoint Security?
Next, we will explain the other functions of EXO Security’s endpoint security.
The above are examples of other functions of EXO Security’s endpoint security. Using them in combination with the various functions mentioned above further strengthens security. These functions and capabilities were needed in the NTT West personal information leakage incident, and they can be regarded as the minimum security measures that companies and organizations handling personal information and confidential data should have.
Summary
This time, we talked about what the NTT West personal information leakage incident is, why EXO Security can address the NTT West incident, and EXO Security’s endpoint security.
According to the Personal Information Protection Act, once personal information is leaked, severe penalties may be imposed, and it is important not to forget that this can result in enormous losses for companies.
There is also the risk of losing the trust of business partners by leaking important data. A single leak of personal information can result in the loss of existing customers, future customers, profits, and sales.
In the end, preventing security incidents comes down to whether you have taken security seriously and put technical measures in place.
By introducing our “Endpoint Security for Corporations”, you can protect the various data generated by your business activities from internal fraud and information leakage. If you want to strengthen security or have concerns about security, please take this opportunity to contact us for a consultation.
Thank you for reading to the end.
For inquiries, please contact globalsupport@jiran.com.