TOKYO (Kyodo) -- At least 2.68 million pieces of personal information held by over 100 Japanese entities were leaked in 2018, a Kyodo News survey found Wednesday.
The leakages were those confirmed and made public by 104 organizations including companies such as hotel operators and universities as well as French hotel reservation service Fastbooking SAS, whose data breach exposed information of people who had reserved rooms at Japanese hotels.
MS&Consulting Co. in Tokyo suffered the biggest leak affecting 570,000 pieces of personal data such as email addresses, passwords and phone numbers.
In Fastbooking's case in June last year, a hacker stole around 320,000 pieces of customer data from its Japanese clients including names, addresses, nationalities and dates of stay.
Of some 400 lodging providers in Japan affected by the hacking of Fastbooking's server, 28 businesses including Prince Hotels Inc. and Fujita Kanko Inc. have publicized they were affected.
In other cases, Hirosaki University in northeastern Japan, Yokohama City University and other 12 national, public and private universities came under cyberattack, causing emails to be exposed.
Shopping mall operator Mitsubishi Estate-Simon Co. in Tokyo and Oshino Village Sightseeing Association in the central Japan prefecture of Yamanashi, had information stolen which was then found posted on overseas online bulletin boards and websites.
The survey excludes personal data of Japanese Facebook users affected in a high-profile breach in October that Facebook said caused data of around 29 million people worldwide to be leaked. The U.S. social media giant has not disclosed the numbers by country.
This year there have already been at least two more massive leaks.
OGIS-RI Co., which operates a large-capacity file transferring service said in January 4.8 million pieces of personal information may have been exposed, while Toyota Motor Corp. said in March 3.1 million items of customer information held by its marketing units was leaked.
Harumichi Yuasa, a professor at the Institute of Information Security in Yokohama, said Japan needs a law requiring companies and other organizations to swiftly notify the government and people affected when data breaches occur.
"Businesses are required to more strictly manage personal information as their increasingly globalized operations result in more frequent traffic of such data between (Japan and) overseas," Yuasa said.
The European Union, for instance, obliges companies to report data leakages within 72 hours and contact customers.