Cybersecurity

Japan Takes Its First Step to Fight Hackers

A proposed law would compel companies to add digital protection

Provide news feedback or report an error

Confidential tip?

Send a tip to our reporters

Site feedback:

Take our Survey

By Yuriy Humber and Gearoid Reidy

July 25, 2014 at 12:45 AM UTC

This article is for subscribers only.

This article is part of the July 28, 2014 issue of businessweek.

Shortly after the alert sounded at 9:10 p.m., Yahoo Japan’s risk team knew it had a problem. Some 20 million user names and passwords were being dumped into a file that could then be stolen. “What the hell are you doing?” the team asked the employee whose account was copying the encrypted data, recalls risk manager Motonobu Koh. “I’m not doing anything,” the worker replied. “I’m at home.” The responders managed to block the download.

The April 2, 2013, breach of Yahoo Japan, controlled by SoftBank, was an attempt to grab the identities of visitors to Japan’s most-trafficked website. It remains one of the biggest attacks on the data of the Japanese public. Other targets in the past few years included Sony, defense contractor Mitsubishi Heavy Industries, the Japan Aerospace Exploration Agency, and once-preeminent Bitcoin exchange Mt. Gox.