It has come to our attention that an access permission misconfiguration was present in the cloud environment used to manage company-issued devices (PCs and mobile phones) assigned to employees, resulting in a state in which third parties could access data. Consequently, the following information was in a state in which it could be viewed by external parties.
This incident was discovered on September 2, and access permissions were reconfigured on the same day to ensure that third parties could no longer view the data. Furthermore, at present, we have not identified any evidence of unauthorized access by third parties.
■Information that may have been leaked
- Employee names
- Employee numbers, positions, department names, work locations
- Email addresses assigned by the company
■Individuals whose information may have been leaked
Employees (including former employees), temporary workers, and employees of outsourcing partners who were issued company devices (PCs and mobile phones) from our Company and Group companies
■Cases
14,762
■Period
November 26, 2022, to September 2, 2025
■Cause
Access permission misconfiguration within management systems of company-issued devices
We regard the protection of personal information as a matter of utmost importance, and we are taking this incident very seriously. To prevent any similar recurrences in the future, we will review our verification framework and make the strengthen efforts for prevention.
If you have any inquiries or concerns, please contact us using the information provided below.
<<Inquiries>>
E-mail:ds-device-form@mynavi.jp