Skip to content

Incidents in country:

Japan

15 incidents catalogued

Credential stuffingOngoing

FortiBleed: leaked dataset exposes VPN credentials for ~74,000 Fortinet firewalls

A dataset dubbed FortiBleed exposed valid Fortinet FortiGate VPN credentials β€” including plaintext passwords β€” for 73,932 firewall URLs across 194 countries, the product of a Russian-speaking crew that reused passwords from earlier breaches and infostealer logs rather than any new Fortinet vulnerability.

Victim
Organizations running Fortinet FortiGate firewalls worldwide
Data breachResolved

Toumei data breach (2023)

In October 2023, the Japanese consultancy firm Toumei suffered a data breach. The breach exposed over 100M lines and 10GB of data including 77k unique email addresses along with names, phone numbers and physical addresses.

Victim
Toumei
Records
76.7K
Data breachResolved

Zurich data breach (2023)

In January 2023, the Japanese arm of Zurich insurance suffered a data breach that exposed 2.6M customer records with over 756k unique email addresses. The data was subsequently posted to a popular hacking forum and also included names, genders, dates of birth and details of insured vehicles.

Victim
Zurich
Records
756.7K
private-keystolen

Coincheck NEM heist

Tokyo-based cryptocurrency exchange Coincheck lost 523 million NEM tokens (~$530M at the time) from a hot wallet that had no multi-signature protection. The largest single crypto-exchange theft at the time β€” later attributed to North Korea's Lazarus Group.

Victim
Coincheck Inc.
Loss
$530.0M
Insider threatResolved

Benesse insider data breach

A contractor's system engineer copied 35 million customer records from Japanese education giant Benesse onto a personal device and sold them to data brokers β€” the largest insider data theft in Japanese history, triggering a Β₯20 billion compensation programme.

Victim
Benesse Holdings
Loss
$190.0M
Records
35.0M