Rakuten Mobile Receives Administrative Guidance Regarding Unlawful Data Intrusion
The Japanese Ministry of Internal Affairs and Communications has issued a directive to Rakuten Mobile Inc., a subsidiary of the e-commerce giant Rakuten Group Inc., to strengthen its security measures and data protection practices following a data breach that led to the leak of personal information from around 7,000 subscriptions[1][2][3].
The breach, which occurred earlier this year, was caused by an illegal access to Rakuten Mobile's mobile phone service system. The ministry's guidance came after Rakuten Mobile experienced a substantial delay in reporting the incident, violating telecom regulations requiring immediate disclosure[1][2].
The ministry's instruction for Rakuten Mobile Inc. includes several key points:
- Detailed reporting on how Rakuten Mobile will improve its security and monitoring systems to prevent unauthorized system access.
- Implementation of enhanced data protection and leak prevention practices.
- Steps to ensure timely internal incident reporting and prompt external notification to regulators and customers in future cases[1][2][3].
These directives aim to strengthen Rakuten Mobile’s internal controls and compliance with the Telecommunications Business Law, under which the data breach constituted a breach of secrecy of communications[1].
The leaked personal information includes sensitive data, such as call histories, which could potentially be used for malicious purposes. The potential misuse of leaked call histories could have serious implications for the privacy and security of Rakuten Mobile's subscribers[1].
The ministry's instruction from Tuesday now encompasses both the delay in reporting the illegal access and the subsequent personal information leak. The ministry's ongoing investigation into the case may uncover further details about the extent and nature of the malpractice[1].
It is suspected that the malpractice conducted by a group of boys was repeated. Several boys were arrested on suspicion of fraudulently subscribing to Rakuten Mobile's service by illegally accessing the system. The boys are believed to have resold the subscriptions[1].
The case is related to fraudulent subscription activities. The case involving the fraudulent subscription activities and personal information leaks from Rakuten Mobile's service is expanding in scope[1].
Rakuten Mobile Inc. has been given until the end of October 2025 to submit a comprehensive written report detailing its corrective measures[1][2][3]. No specific public details have been released yet about the exact technical solutions or policy changes Rakuten Mobile will implement.
[1] The Mainichi [2] Nikkei Asia [3] Kyodo News
