A portion of the information stolen in the recent hacking attack on the Japan Pension Service (JPS) has been found on a company's server in Tokyo, according to investigative sources.
Investigators believe an individual hacked and remotely operated a shipping company's server in Tokyo's Minato Ward. The Metropolitan Police Department's Public Safety Bureau is analysing the server's records to determine whether it was hijacked by the party responsible for stealing the data.
Authorities found the data on the Tokyo firm's server after the pension management organisation reported the hacking on May 19. After evidence that the operation was carried out remotely was discovered, investigators were able to match the portion of data with what was stolen from JPS.
The Public Safety Bureau believes the party responsible had transferred stolen data to the server for temporary storage.
Cybersecurity investigations often struggle to trace hacking routes because hackers typically hijack third-party servers that their targets do not normally use, for such malicious purposes as stealing data. The Tokyo shipping firm was not aware their servers were compromised until informed by police.
In the JPS case, staff computers were compromised after e-mails with a virus attached were opened, resulting in the theft of 1.25 million cases of personal pension subscriber data including names and basic pension numbers.
E-mails with viruses attached were sent to the JPS numerous times from May 8 to 18, with two employees opening them on separate occasions. One was received by the JPS Kyushu bloc headquarters in Fukuoka and opened on May 8. The other was received and opened several days later by the JPS headquarters in Tokyo's Suginami Ward.
The JPS e-mail address that received the infected e-mails was intended to be used by companies seeking to participate in an open bid by the JPS regional headquarters to procure equipment. JPS staff involved had been using the address, which could be found on the JPS website.
The Health, Labor and Welfare Ministry plans to establish an investigative committee that includes outside experts by the end of this week to determine the cause and prevent a recurrence.
The ministry will discuss disciplinary action for senior JPS officials as soon as the committee concludes its probe. A decision has yet to be made on changing the compromised basic pension numbers.
Calls have flooded a hotline set up to field inquiries regarding the hacking, prompting the JPS to increase phone lines for the hotline to 1,000 from the current 100.