Scope of the Breach
Ly Corp, the tech giant that runs the immensely popular messaging app Line, reported a massive data breach on Monday.
They stated that the data breach exposed the personal information of as many as 440,000 individuals. The breach occurred in October and involved unauthorized access to an affiliate’s computer system.
Details of the Leak
According to a spokesperson from LY Corp, the leaked data does not include sensitive financial information such as bank accounts or credit card details. Moreover, users of the popular Line messaging app, a subsidiary of LY Corp. and widely used in Japan, can breathe a sigh of relief as chat messages within the app were not compromised. Despite the potential risks, no reports of misuse have surfaced thus far, according to the company.
Nature of the Leaked Information
LY Corp. disclosed that the compromised data encompasses a variety of personal details, including users’ age groups, genders, and specific aspects of their service usage histories. The breach also exposed information about the company’s business partners and employees. This includes email addresses, names, and affiliations.
Delayed Announcement and Apology
Although LY Corp. confirmed the data breach on October 29, the company waited until now to make a public announcement. The delay, the company explained, was necessary to assess the extent of the breach thoroughly. In a formal statement, LY Corp. expressed deep regret for the incident and apologized to users and all affected parties, pledging to take measures to prevent any recurrence.
Reporting to Authorities
LY Corp. has promptly reported the breach to the communications ministry, adhering to regulatory requirements. The company’s commitment to transparency is evident in its swift communication with relevant authorities to address the incident responsibly.
Malware Infection Triggers Breach
The breach was traced back to a malware infection on a computer belonging to an employee of a subcontractor utilized by LY Corp.’s South Korea-based affiliate, Naver Cloud Corp. The interconnected systems of Naver Cloud and LY Corp., using a shared in-house system for managing personnel information, allowed the unauthorized access into LY’s internal system.
Timeline of the Breach
The company initiated an investigation after detecting suspicious access on October 17, concluding by October 27 that it was most likely an external breach. The initial unauthorized access occurred on October 9, shedding light on the timeline of events leading to the data compromise.
Ongoing Investigation and User Outreach
LY Corp. is actively reaching out to users, business partners, and customers individually, particularly those deemed to be at direct risk due to the data leakage. This proactive approach is part of the company’s ongoing commitment to address the fallout from the breach responsibly.
LY Corp.’s User Base
As of the end of September, LY Corp. reported a massive user base of 96 million individuals using the Line messaging app in Japan, with an additional 100 million users outside the country. The sheer scale of the user base underlines the importance of swift and effective response measures to protect the privacy and security of millions of individuals affected by the breach.
LY Corp. now faces the daunting task of managing the fallout from this significant data breach, requiring immediate damage control and robust measures to fortify its cybersecurity infrastructure and prevent future incidents.