4.6 Million DSL Subscriber Data Leaked?

Matatabi Report
Japan Tech News Digest
Home | About Matatabi.Com | Subscribe/Unsubscribe | Search
[Date Prev] < > [Date Next] (Back to Index Page)
[JTND] 4.6 Million DSL Subscriber Data Leaked?

Subject: [JTND] 4.6 Million DSL Subscriber Data Leaked?
From: jtnd-list@xxxxxxxxxxxx
Date: Fri, 27 Feb 2004 19:04:55 +0900
List-archive: <http://www.matatabi.com/cgi-bin/mailman/private/jtnd-list>

The Tokyo Metropolitan Police arrested three men on suspicion of
trying to extort 3 billion yen (U.S. $28 million) from Softbank
earlier this week.  The suspects claimed they had obtained DVD and CD
disks containing information on 4.7 million Yahoo BB DSL customers(The
police found 4.6 million on the disks.). Yahoo BB is the boardband ISP
of Softbank group and the DSL leader in Japan with 3.8 million
subscribers. Two of the suspects run a Yahoo BB agency which sells DSL
and IP Telephone services.

[The number is interesting. 4.6 million subscriber data was stolen,
but there are only 3.8 million subscribers officially. Where do
additional 800,000 come from? Does it mean that 800,000 have cancelled
the service, 20% cancellation rate? --ed]

Last month, Softbank was contacted by the suspects who demanded
investment in their venture in exchange for the disks. Although the
company confirmed that a part of the stolen data shown by the
blackmailers was that of the actual Yahoo BB customers, the company so
far has not admitted their entire customer database was stolen. The
police and Softbank will examine the data on the seized disks. It will
take several days before we know the exact scale of the
leak. According to Softbank, the stolen data includes name, address,
telephone number, and email. No billing or credit card information was
stolen.

At this point, there is not much information on how the data was
stolen, but it seems clear that the data were stolen by one or more
insiders who had access to the customer database. An Softbank
executive stated that there were over 100 people who could log-on to
the PCs connected to the database. The company is in the process of
checking the log to find any suspicious accesses to the data.

[Although Softbank is a victim of hideous crime, I expect that there
will be a lot of scrutiny on the company's policy and practice
regarding data security and privacy protection.--ed]
 
Fortunately, the extortion attempt was foiled. However, the
backgrounds of the suspects are disturbing. One of the suspects leads
a right-wing political organisation. In Japan, shady right-wing groups
are often a part of organised crime -- Yakuza gangsters -- or have a
close tie with them.

[It is unthinkable that the data on 4.6 million customers fell into
the hands of the underworld. I am hoping the suspects are just
bluffing.--ed]

According to some tabloid papers, the other two suspects are followers
of a powerful religious group affiliated with a mainstream political
party. One of them was a former ranking member and participated in the
wire-tapping of the home of the communist party leader some 30 years
ago. Although he was not arrested because the statute of limitations
had run out, the religious group lost a civil trial and the court
acknowledged his involvement.

[The communist party and the religious party were strongly criticising
each other then. Both competed(and still compete) for the similar
constituency for votes. The wire-tapping was exposed later by a top
legal counselor who broke his tie with the religious group. --ed]

The opposition parties are demanding that the government investigate the
unprecedented scale of the personal data leak and a committee in the
House of Representatives is considering to call Softbank 
president,Masayoshi Son, to testify. 

[This would be very interesting because the religious party is a part
of the current coalition government. --ed]

Also, it has been reported that the police in Nagoya arrested a man
who attempted to extort 10 million yen (U.S. $ 90,000) from
Softbank. The man sent the company email messages including one with
data on 104 customers and claimed to have information on an additional
one million customers on floppies. He has worked as a temporary
telephone support person for Yahoo BB in the past. The police consider
the source of this leak different from the Tokyo attempt.

[key_privacy, key_security]
-------------------------------------------------------------------------
Matatabi Report:Japan Tech News Digest is the mailing list of
information technology news and critique from Japan. 
Send articles, questions, and comments to editor@matatabi.com
This message is archived at http://www.matatabi.com/
-------------------------------------------------------------------------
Subscribe/Unsubscribe: http://www.matatabi.com/cgi-bin/mailman/listinfo/jtnd-list