Tech conglomerate LY Corp disclosed a significant data breach, revealing that approximately 440,000 personal data items, including over 300,000 linked to Line messaging app users, were exposed due to unauthorized access to an affiliate’s computer system in October.
The leaked information, devoid of banking details, credit cards, or Line app chat content, posed no reported misuse risks as of yet, the company assured.
Among the compromised data were users’ age groups, genders, some service usage histories, alongside business partners’ and employees’ information like email addresses, names, and affiliations.
Confirming the breach on October 29, the company delayed the announcement for about a month to accurately assess the breach’s extent.
Expressing sincere apologies to affected users and relevant parties, LY Corp pledged efforts to prevent future occurrences and reported the case to the communications ministry.
LY Corp, formed from the merger of Z Holdings Corp, Line Corp, and Yahoo Japan Corp, traced the leak to malware infecting a subcontractor’s employee-owned computer, linked to its South Korea-based affiliate, Naver Cloud Corp.
An internal system shared between Naver Cloud and LY, utilizing a common authentication system, inadvertently facilitated unauthorized access into LY’s internal system.
The company’s investigation, initiated after detecting suspicious access on October 17 and confirming an external breach by October 27 (initially occurring on October 9), aims to individually notify users, partners, and customers directly impacted by the leak.
As of September’s end, around 96 million users in Japan and 100 million outside the country were utilizing the Line messaging app, as reported by LY Corp.