The Personal Information Protection Commission (hereafter the Personal Information Protection Commission) said on the 23rd that it had recently received personal information leak reports from multiple asset management firms and launched an investigation.
The asset management firms reported to the Personal Information Protection Commission after confirming indications that ransomware infections occurred while using a file server service provided by GJTech and that personal information, including employee details, had been leaked.
GJTech is a company that provides IT equipment services to asset management firms and financial companies, and multiple asset management firms are presumed to be using the service. Ransomware refers to a hacking attack that encrypts computer systems or data and then demands money.
The Personal Information Protection Commission plans to verify the specific circumstances of the leak, the scale of damage, and whether safety measures obligations were observed, focusing on GJTech.
In addition, the Personal Information Protection Commission, noting that personal information leak incidents using ransomware have recently increased, asked each operator to thoroughly check for vulnerabilities in the services they run, carry out security updates, and ensure the safe management of key files such as member databases.