Huge Leak Revealed at Japanese Firm

One of Japan's largest printing companies today reported the theft of more than eight million pieces of customer information, including addresses and credit card numbers.

Dai Nippon Printing said around 8.64 million pieces of customer information related to 43 client companies -- including Toyota Motor Corp. and Aeon Co. -- were stolen in July by a former employee of a subcontractor, who absconded with a magnetic optical drive containing the data.

The data includes names, addresses, telephone numbers and, in some cases, credit card numbers on 1,504,857 customers of American Home Assurance, 581,293 customers of Aeon, and 439,222 customers of NTT Finance. Early reports stated that only 20 of the 43 companies involved had been notified of the breach.

The data was allegedly stolen by Hirofumi Yokoyama, 45, a former employee of a subcontractor that processed the information for the printing company. After smuggling the data out on a portable hard drive, Yokoyama sold the data of some 150,000 customers of a major consumer credit firm to a fraud ring targeting online shoppers, prosecutors said.

Part of the data was used for credit card fraud totaling several millions of yen, prosecutors said. Yokoyama was arrested after he left the company. He was later indicted on theft charges.

Japanese newspaper editors and other observers are using the case to point out the weaknesses in the country's latest data security legislation, a 2005 law that requires companies that handle personal information to beef up their security measures. So far, Yokoyama has been charged only with the theft of the drive itself, which is worth about 250 yen.

Dai Nippon Printing officials said they didn't expect data theft to be committed by insiders, according to newspaper reports. The company initiated an investigation only after the sale of the 150,000 names was brought to its attention.

— Tim Wilson, Site Editor, Dark Reading