A decade-long breach at a subsidiary of Nippon Telegraph and Telephone West Corp. (NTT West) has come to light, exposing personal data from about 9 million cases and raising profound concerns about data security practices within Japan’s telecom giant, NTT Group.
The breach, stemming from NTT Business Solutions in Osaka, resulted from a former temporary employee illicitly extracting sensitive information like names, addresses, and phone numbers from the call center’s system. Allegedly sold to list brokers, the data leak has drawn police attention, urging accountability through a rigorous investigation.
The breach underscores glaring lapses in NTT West’s protective measures, signaling a failure in regular security audits and monitoring. Shockingly, the breach continued unnoticed for nearly a decade, highlighting the company’s negligent data protection.
NTT Group claims to have instructed preventive measures, yet these weren’t adequately implemented. Presidents Masaaki Moribayashi and Akira Shimada issued apologies for the extensive leak, prompting questions about the subsidiary’s compliance and the efficacy of internal inspections.
Despite NTT’s assertions regarding the significance of information protection, the breach exposes a disconnect between their claims and operational reality. Over 59 entities, including private companies and local governments, entrusted call center operations to NTT, amplifying the impact of this breach.
The breach has led to product solicitations that appear to have exploited the leaked data, causing anxiety among affected parties. NTT Group faces the daunting task of regaining trust and fulfilling its responsibility to safeguard sensitive information, promising restitution and stringent measures moving forward.