[ISN] KDDI suffers massive data breach

InfoSec News isn at c4i.org
Wed Jun 14 04:03:48 EDT 2006


Martyn Williams   
June 13, 2006
IDG News Service

Personal data on almost 4 million customers of Japanese telecom
carrier KDDI Corp. has been breached, the company said Tuesday.

The data includes the name, address and telephone number of 3,996,789
people who had applied for accounts with KDDI's Dion Internet provider
service up to Dec. 18, 2003, KDDI said. Additionally the gender,
birthday and e-mail addresses of some of the people was also leaked.

KDDI is Japan's second largest telecommunications carrier. It operates
fixed line, dial-up Internet, broadband and cellular services through
a number of different companies.

The carrier became aware of the leak on May 31 this year when it
received a phone call from someone claiming to possess a CD-ROM of the
data, said Yoko Watanabe, a spokeswoman for the Tokyo-based carrier.  
The original source of the data has yet to be determined and Watanabe
declined to comment on other aspects of the case, which is being
investigated by the police, she said.

The leak is just the latest of several to hit the headlines in Japan
this year. Personal information has been leaked by companies a number
of times onto the Internet through viruses that infect PCs running
file sharing programs. While the source of the data lost by KDDI is
not yet clear, the episode is likely to increase fears of identity
theft and other fraud in Japan.

In recent years the number of frauds committed against consumers using
such information has been on the rise. Armed with the name and address
or telephone number of a consumer, fraudsters can send out bills or
make calls demanding payment for services that were never delivered.  
The slick frauds often dupe consumers into sending money before they
realize they have been tricked.

More information about the ISN mailing list