Nikkei reports fresh on the heels of Blue Termite the Tokyo Chamber of Commerce has leaked personal data on 12,000 people:
The chamber said the data comprise the names, and home and e-mail addresses of people who took part in seminars hosted by the organization, which represents small and midsize businesses in Tokyo’s 23 wards.
Financial information such as bank account numbers was not affected, it said. Police have launched an investigation.
The infection was confirmed on May 22 after an institution monitoring the organization’s computer system detected suspicious activity. An official of the organization was found to have opened an attachment of an e-mail sent to one of its departments, triggering the infection.
The chamber had a total of 77,760 members as of the end of March. The members include companies and individuals running businesses.
From the way the article is written, it seems as if the Tokyo Chamber of Commerce has outsourced their cyber security to a managed service service provider. This is a good thing for such a small organization like the Tokyo Chamber of Commerce. More Tokyo-based firms need to do this.
It is doubtful the Chamber is capable of monitoring their network for intrusions to the degree required to capture this activity so it was smart for them to put that task in the hands of professionals. I wonder how long it took to detect the malicious activity, and then once detected, how long did it take to confirm there was an actual compromise?