Photo/Illutration Iseto Corp.’s headquarters in Kyoto’s Nakagyo Ward (Yoko Hibino)

A printing and mailing service provider has suffered a major ransomware attack, exposing at least 900,000 pieces of personal information, much of it from prefectural and municipal data.

Kyoto-based Iseto Corp., which provides services to government offices and private businesses, has been criticized for its handling of the data breach, failing to provide timely and transparent information to affected parties.

The attack is believed to be the work of a cybercrime group known as 8Base. The group's website listed Iseto as a victim around June 3, bringing the incident to light.

Tokushima Governor Masazumi Gotoda apologized on July 5 for the leak of personal information of approximately 145,000 individuals that the prefecture shared with Iseto.

Iseto printed automobile tax notices for the prefecture, resulting in the exposure of names, addresses, tax amounts and vehicle license plate numbers of drivers.

Similarly, personal data of 420,000 people from Toyota, Aichi Prefecture, was compromised.

Other victims are from areas including Kyoto Prefecture, Tokyo’s Ota Ward and the municipalities of Wakayama, Takamatsu and Hiratsuka in Kanagawa Prefecture.

Private businesses, including financial institutions, were also affected.

Local governments and businesses have expressed frustration with Iseto's handling of the situation. The company initially denied any data breaches, only to later acknowledge the leaks.

Iseto has pledged on its website to promptly report details of the cyberattack as they emerge through the investigation.

However, the company has failed to disclose the total number of affected individuals, local governments and businesses impacted, leaving the full extent of the damage unclear.

Iseto declined The Asahi Shimbun’s request for an interview, stating that it was prioritizing support for affected customers.

According to Tokushima Prefecture, the leaked information was stored on Iseto's internal network, in violation of data handling protocols.

Despite prior assurances that the data had been deleted after the completion of contracts, the information remained accessible.

The prefecture is considering taking legal action against Iseto for damages.

Iseto was founded in 1855 as a paper wholesaler and retailer, and began offering information processing services in the 1970s.

The company’s sales for the fiscal year ending in March 2023 totaled 17.8 billion yen ($111.7 million), according to Tokyo Shoko Research Ltd.

The Iseto incident follows a similar ransomware attack at publishing giant Kadokawa Corp. in June.

Related News