Japanese utility Kyushu Electric loses drive holding 10.9 million customer records
Kyushu Electric Power, one of Japan's largest utilities, has disclosed a physical security incident: a storage drive containing the personal data of more than 10.9 million customers went missing. Because the exposure stems from lost media rather than a network intrusion, the risk depends largely on whether the drive was encrypted, a detail that determines if the data is readable by whoever finds it. The incident is a reminder that data-governance failures, like unencrypted or poorly tracked portable storage, can expose as many records as a sophisticated hack. Affected customers should watch for fraud and phishing attempts referencing their utility account.
- Check
- Kyushu Electric customers should watch statements and inboxes for fraud or phishing referencing their utility account; organizations should audit how portable drives holding personal data are encrypted and tracked.
- Affected
- More than 10.9 million Kyushu Electric Power customers whose personal data was stored on the missing drive; exposure severity depends on whether that storage was encrypted.
- Fix
- Encrypt all portable and removable media holding personal data, maintain strict chain-of-custody and inventory for such drives, and minimize the data placed on movable storage in the first place.