Sign in / up

back to article Helpline for Yakuza victims fears it leaked their personal info

A local Japanese government agency dedicated to preventing organized crime has apologized after experiencing an incident it fears may have led to a leak of personal information describing 2,500 people who reached out to it for consultation. The Kumamoto Prefecture Violence Prevention Movement Promotion Center offers …

COMMENTS

Post your comment
House rules Send corrections
Add to 'My topics' unstar *
  1. DS999 Silver badge
    Facepalm

    So now the Yakuza can get revenge on many people

    All for the price of hiring a hacker for a few thousand bucks.

    Plus they get the side benefit that no one is ever going to trust that or any similar organizations to keep them safe from the Yakuza, so the number of people willing to speak out against them is probably gonna drop by 99%.

    Great job Kumamoto Prefecture Violence Prevention Movement Promotion Center!

    23 0 Reply
    1. cyberdemon Silver badge
      Reply Icon

      Re: So now the Yakuza can get revenge on many people

      Yeah, it's that second point that worries me.

      From the sounds of it, the hackers had TeamViewer or similar access for a few seconds / minutes before they were noticed. There seems a reasonable chance that this wasn't long enough to install a more sophisticated RAT or indeed exfiltrate data from the local government network

      If they didn't actually get the data, then announcing it publicly will have done a lot more harm than good

      4 3 Reply
      1. O'Reg Inalsin
        Reply Icon

        Re: So now the Yakuza can get revenge on many people

        They made the right choice IMO. If they didn't, their is also a high likelihood the hackers would publicize and perhaps demand ransom - in which hiding it would be much worse.

        1 0 Reply
        1. cyberdemon Silver badge
          Reply Icon
          Headmaster

          Re: So now the Yakuza can get revenge on many people

          there

          in which case,

          0 0 Reply
  2. Anonymous Coward
    Anonymous Coward

    That is brutally irresponsible

    Although I'm wondering if it really was a hack - it strikes me that it is probably easier to get an insider to collaborate (by, for instance, the usual threat to limbs and relatives).

    19 0 Reply
  3. Sceptic Tank Silver badge
    Facepalm

    C:\README.TXT

    One would kind-of assume that this type of information would be sitting encrypted in a database that is encrypted on an encrypted disk on a heavily fortified computer with tamper-proof HSM that resets itself even if nothing is wrong, all of which is encased in a steel shell inside a vault with no electricity or network access, pumped vacuum to prevent air-gapped access, etc., etc. Bit of a let-down when a complete stranger simply dials in from somewhere and takes all this stuff.

    A bit like the other day when the Dutch police were robbed of all their personal details.

    15 0 Reply
    1. Kraft
      Reply Icon

      Re: C:\README.TXT

      And with a cascading procedure of interacting with the data.

      On a sidenote: I wonder if we should consider the idea of a databank, which would serve as a safe storage and exchange system for data, similar to how a bank safeguards money.

      Unlike money, people often don't hesitate to trust their data to various companies, even though it's frequently mishandled.

      0 0 Reply
    2. Paul Herber Silver badge
      Reply Icon

      Re: C:\README.TXT

      So what is wrong with the locked filing cabinet in a disused toilet etc etc ...

      3 0 Reply
      1. IanRS
        Reply Icon

        Re: C:\README.TXT

        You just can't get the leopards these days.

        7 0 Reply
        1. O'Reg Inalsin
          Reply Icon

          Re: C:\README.TXT

          Leopards? Spots?

          0 0 Reply
    3. An_Old_Dog Silver badge
      Reply Icon

      Re: C:\README.TXT

      I would not assume that this type of information would be sitting in an encrypted database [additional security measure descriptions omitted ...].

      History -- even the pages of The Reg -- is/are overflowing with descriptions of confidential-data breaches and walkaways (zero effective protection) where the data stewards were governments, militaries, police, or businesses.

      2 0 Reply
  4. TeeCee Gold badge
    Meh

    He cut off the internet...

    And now he gets to cut off his own little finger.

    7 0 Reply
    1. Kraft
      Reply Icon

      Harakiri

      Or slightly harakiri himself...

      0 1 Reply
  5. An_Old_Dog Silver badge
    Unhappy

    The Only Way to Keep Your Personal Data Safe

    ... is to never give it up.

    Governments (not just the .JP government) have a data-collection fetish which needs to be harshly and repeatedly slapped down.

    When it comes to computerised information, there is effectively no such thing as 'confidential'.

    4 1 Reply
    1. FIA Silver badge
      Reply Icon

      Re: The Only Way to Keep Your Personal Data Safe

      ....because no low paid employee has ever been bribed to open a filing cabinet??

      3 0 Reply
      1. Wang Cores
        Reply Icon

        Re: The Only Way to Keep Your Personal Data Safe

        Yeah, but everyone knows and accepts physical security practices. The authorities also have the ability to prosecute/punish bad actors when they break them.

        2 0 Reply
      2. Phones Sheridan
        Reply Icon

        Re: The Only Way to Keep Your Personal Data Safe

        ....because no low paid employee has ever been bribed to open a filing cabinet??

        Isn't that what the leopard is for?

        2 0 Reply
      3. Doctor Syntax Silver badge
        Reply Icon

        Re: The Only Way to Keep Your Personal Data Safe

        In order to open a physical filing cabinet the employee has to actually go to it and risk being seen there.

        4 0 Reply
      4. An_Old_Dog Silver badge
        Reply Icon

        Re: The Only Way to Keep Your Personal Data Safe

        @FIA: Whether the information is stored in computers or in phyiscal documents, I stand by my headline and first sentence.

        Physical documents are less-bad because copying them takes substantially longer than copying computerised files. Running a photocopy machine, a document scanner, or standing over a desk with documents laid out on it, snapping away with a smartphone or a Minox camera increases the risk of discovery and arrest.

        Further, with computerised files, one need not compromise a clerk or officer.

        1 0 Reply
    2. Paul Herber Silver badge
      Reply Icon

      Re: The Only Way to Keep Your Personal Data Safe

      ' is to never give it up'

      or let them down ...

      8 0 Reply

POST COMMENT House rules

Not a member of The Register? Create a new account here.

Forgotten password ?

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like