THE ASAHI SHIMBUN
May 7, 2021 at 14:19 JST
The Tokyo headquarters of Soliton Systems K.K., which developed the FileZen file-sharing server (Hidemasa Yoshizawa)
Cabinet Office officials failed to share information about a computer security breach for three months with local governments that also use the same file-sharing server.
An investigation into the FileZen server equipment developed by Soliton Systems K.K., a major IT equipment company based in Tokyo, found a breach in late January and that files had been illegally accessed, Cabinet Office sources said.
But it was not until April 22 that the Cabinet Office announced the breach and the finding that the personal information of 231 individuals had been leaked.
In the interim, the Cabinet Office did not inform local governments that also use the FileZen server about the security breach.
There was also apparently no attempt to encourage those local governments to conduct their own investigation into whether data from their files had been stolen.
Local government officials were not told about the extent of the stolen data at the Cabinet Office beyond the announcement.
An official with the Awara city government in Fukui Prefecture said, “We never received an explanation about damage from an illegal access so we felt all we had to do was update the program.”
Soliton Systems began offering a revised program from March 5.
“We are extremely worried (about a data leak) and are considering investigating the computer log file for signs of illegal access in the past,” the Awara city official said.
Other municipalities left computer matters up to outside contractors.
The Setouchi city board of education in Okayama had its outside contractor discuss the security breach issue with a Soliton Systems official.
“We did not receive detailed information from the contractor (about the server's vulnerability),” a Setouchi official said.
The Asahi Shimbun contacted seven public organizations before the Cabinet Office announcement about the security breach and none recognized any illegal access of their files.
However, Masakatsu Morii, a professor of information communication engineering at Kobe University, said, “We do not know if the cyberattack targeted only the Cabinet Office server so local governments should also investigate whether any of their files leaked.”
Morii was also critical of the fact that it took the Cabinet Office more than a month to announce the damage from its server after Soliton Systems released the revised program in early March.
“Announcing the findings will heighten a sense of the possible dangers and could prevent further damage,” Morii said. “An unintentional equipment malfunction is not the fault of anyone. That's why there is a need for a prompt announcement of the extent of the damage soon after the revised program was released.”
(This article was written by Tatsuya Sudo, a senior staff writer, and Hidemasa Yoshizawa.)
231 people’s data likely stolen in cyberattack on Cabinet Office
April 23, 2021
National Police Agency computer hacked 46 times through VPN
December 31, 2020
Stolen Softbank 5G data found on PC confiscated from Rakuten
January 13, 2021
Russian hackers steal VPN login data, revealing remote work risk
August 26, 2020
Google says North Korea-backed hackers sought cyber research
January 27, 2021
Line subsidiary in S. Korea able to access users’ Talk service data
March 18, 2021
Stories about memories of cherry blossoms solicited from readers
Cooking experts, chefs and others involved in the field of food introduce their special recipes intertwined with their paths in life.
A series based on diplomatic documents declassified by Japan’s Foreign Ministry
A series on the death of a Japanese woman that sparked a debate about criminal justice policy in the United States
A series about Japanese-Americans and their memories of World War II
Here is a collection of first-hand accounts by “hibakusha” atomic bomb survivors.
