Recruit Co., Ltd., a prominent Tokyo-based company, recently announced a data breach had affected its real estate wing SUUMO and had compromised sensitive data from several of its employees. The incident, discovered on July 9, involved unauthorized access to a server used to test out some of its real estate services.
The company says no user or customer information was compromised, and no secondary damage has been reported. However, the breach exposed personal data records of 1,313 current and former employees going as far back as 2007.
The firm has also come under increased scrutiny recently over its data collection policies of student data as well as its outsourcing to foreign nations.
Recruit Co Ltd Response and Preventive Measures
On July 9th, SUUMO, the real estate branch of Recruit, had detected unauthorized access from a third party to the server of a service provided to real estate companies and which was being tested before deployment in some areas.
While the affected system had been shut down, it was discovered some of this data relating to employees had been compromised. Recruit expressed regret for the inconvenience and concern stemming from the incident.
Recruit took several actions to limit the impact of the breach, including:
- Contacting affected employees individually
- Setting up a hotline for inquiries
- Implementing measures against unauthorized access
- Rebuilding and re-inspecting affected servers
- Strengthening overall security measures
The statement on its website, issued from the head office in Chiyoda-ku, Tokyo by President and CEO Yoshihiro Kitamura, announced that data related to 1,313 employees and contractors involved in the development and maintenance of its housing-related services since 2007.
“We would like to report the following and offer our deepest apologies for the considerable inconvenience and concern caused to all concerned parties,” the statement expressed.
“In addition, no leaks of user or customer information have been confirmed in this incident. As of today, no secondary damage caused by the use of employee information has been confirmed,” it added.
Concerns Over Student Data Management and Outsourcing
In a separate recent development, Recruit Co. came under intense scrutiny for its handling of public school students’ personal data. While the company had also been authorized by some local governments to collect and manage student information to provide various educational apps, other local governments reported that they had not fully been aware of the data collection practices.
These concerns were raised further as it came to light that Recruit had allegedly shared some of this data with foreign businesses to improve other commercial apps.
A Yomiuri Shimbun survey found that at least 14 local governments have introduced Recruit’s apps this fiscal year, and about 85,000 elementary and junior high school students use the apps. Some of the local governments were unaware of the overseas outsourcing and other improper management of students’ personal data.
The education ministry announced plans to investigate the situation nationwide, after suspecting mismanagement of student data by local governments and the firm.
The ministry emphasized the importance of local governments taking proper initiative while collecting and managing students’ data, and requires them to supervise app providers and exercise caution when storing data overseas.