A Japanese City Loses All Citizens’ Personal Data Stored In USB Memory

TOKYO, June 24, 2022—The city of Amagasaki, a western Japanese municipality of 460,000 citizens, June 23 announced that the entire population’s personal data, including the national ID number called the My Number, can be compromised in the loss of a data-stored USB memory card carried in violation of regulations by a data company sub-sub-contractor employee who had been intoxicated and had his bag that stored the USB stolen.
The sub-sub-contractor was commissioned data management work from the sub-contractor that was subcontracted by BIPROGY, formerly Nippon Unisys, a publicly traded Tokyo-based company. In a statement, BOPROGY said the data was not compromised because the USB memory was protected with a password and that the data was encrypted. The city said in a press release that the employee on June 21 found that he had realized after returning home that his bag that stored the USB memory was missing and having been unable to locate the bag and USB memory, he reported the loss to police on June 22 as well as to the city office the same day afternoon.
The city said the USB memory stored the city residential codes assigned to all 460,517 citizens, names, postal numbers, physical addresses, dates of birth, gender, dates when domicile was registered. It also stored municipal tax data of 360,573 tax-paying citizens, as well as special financial aid for 74,767 tax-exempt households in fiscal 2021 and 7,949 households in fiscal 2022, plus bank account information of 16,765 citizens that receive national welfare benefits and 69,261 citizens that receive child care subsidies.
At a June 23 news conference, a city official fanned citizens’ anger at the data loss by disclosing the number of digits of the password as it raises the possibility of password breach.
In a nutshell, vital personal information, particularly the My Number that links citizens’ bank, security and other financial accounts, as well as healthcare, criminal and other data is endangered for possible compromising and misuse. While unprecedented that all citizens’ data were lost, Amagasaki is not alone that commissions personal data management and storage to security businesses. Most other Japanese public entities, both of national and local, commission data processing and IT security work to private-sector parties.
In May, two officials of Kamaishi City in northern Japan moved personal data of all 30,000 citizens by email and physically out of the city office presumably for personal use allegedly between the two, the city announced May 26, probably eventually for selling to third parties. The two officials were indicted for violation of the Residence Registry Act and discharged from the city.

###

Leave a Reply

Your email address will not be published. Required fields are marked *