Results to Date in Authentication of Leaked Customer
Information and Measures for the Future
February 27, 2004
SOFTBANK BB Corp.("SOFTBANK BB"), has been working to authenticate Yahoo! BB customer information which was leaked and used in extortion attempts. Reviews and comparisons of the leaked data confirmed that the majority of the information did indeed concern Yahoo! BB customers. However, there was no leakage of credit or security information such as credit card numbers, bank account numbers, passwords, records of use. Below is a summary of our findings to date and our measures for the future.
1. Results of comparison of confirmed data against customer information held by SOFTBANK BB
A comparison of materials furnished by the police for analysis against customer information held by SOFTBANK BB confirmed that personal information on 4,517,039 persons had been leaked.
Results of comparison
| Materials for which the police requested analysis (records) | Customer information (persons) | |
|---|---|---|
| Suspect Yuasa's case | 4,600,575 | 4,447,751 |
| Suspect Kimata's case | 566,506 | 556,611 |
| Total | 5,167,081 | (Customer information leaked) 4,517,039 |
- *The discrepancy between data provided by the police and total records matched is due to duplicate data between the two cases and failure to match Yahoo! BB customer information.
- *The discrepancy between the total persons matched in the two cases and the total customer information leaked represents duplicates data in the two cases.
Breakdown of authenticated customer information
| No. of Persons | ||
|---|---|---|
| Current subscribers | 2,403,617 | |
| Persons in application process | 9,834 | |
| Free trial campaign applicants | 1,473,774 | 2,103,588 |
| Canceled subscribers | 629,814 | |
| Total | 4,517,039 | |
2. Details of authenticated customer information
- 1) Application address
- 2) Name
- 3) Telephone number
- 4) E-mail address (at time of application)
- 5) Yahoo! Mail address/Yahoo! JAPAN ID
- 6) Dates of application
- *No credit card numbers, bank account numbers, passwords, records of use or other credit information were included in the data. The authenticated data was from a separate database than the database containing credit information.
3. Investigation of leakage route and measures for future improvements
SOFTBANK BB is working in conjunction with investigatory authorities to uncover the route by which the information was leaked.
Immediately after it was learned that customer information had been leaked, the company organized an Investigation Committee that reports directly to President and CEO Masayoshi Son and is chaired by Chief Operating Officer Ken Miyauchi.
The Investigation Committee is working in cooperation with investigatory authorities to identify all possible leakage routes and conduct a thorough internal study.
Regrettably, SOFTBANK BB has not yet been able to identify how the information was leaked.
SOFTBANK BB will continue to exert every effort to clarify all aspects of the case and is cooperating fully with investigative authorities in order to prevent secondary leakage or misuse of the data.
Immediately after the detection of data leakage, the company made a number of improvements in the way that it manages personalcustomer data in order to prevent any recurrence.
- (1) Thorough vetting of all personnel authorized to access personalcustomer information and restrictions on the number of persons given access authority.
- Note that there was a mistake in the number of employees given access authority as reported in our previous press release. SOFTBANK BB reported that 132 people could access the information as of last fall, but this number neglected to count 3 people with access authorization at subsidiary. The correct number is 135. The current number of people with access authorization is 58, unchanged from the last report. SOFTBANK BB has strengthened system of keepings logs of all access to customer information and its analysis of access patterns. SOFTBANK BB has also contracted with a company that specializes in anti-hacking measures to better enable our organization to improve the security of our systems, and SOFTBANK BB is currently taking steps in this regard.
- (2) SOFTBANK BB will conduct rigorous training and education programs for its employees, service providers, agents and others in order to increase their awareness of the need to appropriately manage customer information. The company is also revising its work rules to provide stricter disciplinary measures for offenses.
- (3) Supervisors and managers will strictly monitor the work of employees given access authority to ensure that all activities and accesses are legitimate.
4. Internal disciplinary measures
In view of their responsibility for these circumstances, the following executives will be subject to the following disciplinary measures. President and CEO Masayoshi Son will receive a 50% reduction in wages for a period of 6 months; Chief Operating Officer Ken Miyauchi and CTO,Director of the Board Takashi Tsutsui will receive 30% reductions in wages for a period of 3 months. Other employees involved in this case will also be held accountable and subject to wage reductions and other disciplinary measures.
5. Measures for affected customers
SOFTBANK BB will take the following steps in order to express its sincere apologies to customers and ensure that they can continue to use its services with peace of mind.
- (1) SOFTBANK BB will contract by e-mail all customers for whom information leaks have been confirmed. Customers who only use BB Phone services and do not have e-mail addresses will be contacted by mail.
- (2) SOFTBANK BB will send all Yahoo! BB customers gift certificates, etc., worth 500 yen regardless of whether their information was leaked.
- (3) There may be cases in which correspondence is not received due to changes in the customer's e-mail address, street address or other circumstances. Customers can confirm whether their information was leaked on the following web site. SOFTBANK BB will send gift certificates, etc., worth 500 yen to all customers whose information was leaked, including those in the application process, those who applied for the free trial campaign and those who have canceled their accounts.
Confirmation URL: http://bb.softbankbb.co.jp/listchk/
Confirmation will begin at 9:00 a.m., Tuesday, March 9, 2004. - (4) Yahoo Japan Corporation, which manages the e-mail address program, will allow Yahoo! Mail addresses to be changed free of charge as many times as desired from today, February 27 through May 31, 2004.
- Customer inquiry number:
- Yahoo! BB Customer Service Support Center, Customer Advice Office
0120-956-827
Business hours: 9:00 through 23:00
E-mail inquiry address: sbb@bbtec.net
- The information is true and accurate at the time of publication.
Price, specification, contact and other information of products and service may be subjected to change. The information contains certain forward-looking statements that are subject to known and unknown risks and uncertainties that could cause actual results to differ materially from those expressed or implied by such statements.