Tokyo Police Fail to Find Suspects in Pension Data Breach

May 21, 2018

Tokyo- Tokyo police on Monday finished an investigation into a massive data breach at the Japan Pension Service, sending related documents to prosecutors without identifying any suspects.

The Metropolitan Police Department failed to identify senders of virus-containing emails used in the May 2015 attack because, among other reasons, software to anonymize them was utilized.

The statute of limitations on the case expired at midnight on Saturday.

A total of 124 virus-containing emails were sent to personal computers at the Japan Pension Service on May 8-20, 2015. Five of its workers opened a file attached to the emails and their PCs were infected, according to the pension body.

A total of 31 PCs at the pension body were eventually affected in the attack as the virus involved is a backdoor type that enables hackers to operate PCs remotely.

About 1.25 million sets of personal information, including names, birth dates and home addresses, of some 1.01 million pension members were compromised as a result on May 21-23, the pension body said.

The infected PCs repeated suspicious communications with a total of 23 servers in and outside Japan, including in the United States, China and Singapore, the police department's Public Security Bureau said.

The servers were apparently used as relay points to hide the originators. Some of the compromised data were left at the server of a shipping firm in Tokyo's Minato Ward.

Some communications records were deleted, and the virus-containing emails were sent from free addresses with high anonymity.

The police department's investigation was carried out through cooperation with overseas law enforcement authorities, but the efforts failed.

No abuse of the compromised data has been confirmed so far, according to the police department. Jiji Press