Japan's National Incident Preparedness and Strategy Centre for Cybersecurity (NISC), the agency charged with formulating and coordinating the nation's cybersecurity strategy, was the victim of a security breach that compromised unauthorised internal information for nine months.
The intrusion began in autumn 2022 and was detected in June. The NISC disclosed a possible security breach involving personal data associated with email communications. It is suspected that cybercriminals probably compromised the email account of one of the agency's members.
NISC has sent email notifications to national and international governmental and private partners, warning them that sensitive data may have been compromised.
Following the assessment and after assurances that they would strengthen their security measures by working together with other organisations, cybersecurity specialists estimated that the breach may have originated from a vulnerability in a third-party system, which also affected other users outside Japan.