88 publicly traded companies in Japan compromised personal information last year, either because of a malware infection or misconfigured access protocols. As many as 30% of the incidents occurred simply because someone sent an email by mistake.
Credit reporting agency Tokyo Shoko Research (TSR), which compiled the data, says the number is the highest since it began collecting it in 2012, reported the Japan Times.
Personal information on a total of 25.15 million people was compromised, but the real figure is likely much higher since many unlisted companies also suffered breaches and / or data leaks.
“Computer viruses and unauthorized access accounted for about half of the total cases reported,” according to the Japan Times. “Such errors as sending emails by mistake made up some 30%.”
In the case of PayPay Corp., a server containing information on all 2.6 million member stores was hit by unauthorized access. The smartphone payment service provider saw more than 20 million pieces of information compromised in the incident, including the names of representatives of the member stores and PayPay employees, the report says.
Experts cited by TSR say many companies rushed to promote digitalization and remote work, leading to security gaps that attackers leveraged.
“There is a possibility of companies failing to take sufficient security measures,” said Masayo Fujimoto, a professor at the Institute of Information Security.
As organizations move workloads to the cloud, the chance for misconfigurations increases while the visibility of threats diminishes, Bitdefender recently reported.
Attacks enabled by misconfiguration have become increasingly common in the work-from-home era as organizations often neglect systematic hardening processes and policies to properly close entry points. Endpoint misconfiguration accounts for 27 percent of entry points exploited by attackers seeking access to IT environments, research by ESG shows.