Tokyo, Japan - The Japanese government issued an administrative order to LY Corporation, demanding that the company strengthen its privacy and cybersecurity measures following a massive data breach that compromised users' private communications.
According to the Ministry of Internal Affairs and Communications (MIC), the breach occurred due to malware infections at NAVER Cloud, a company to which LY outsourced its IT infrastructure operations, and another unnamed subcontractor.
This allowed unauthorized access to LINE Yahoo's internal systems, exposing confidential user communications.
The MIC found several security lapses, including LINE Yahoo's heavy reliance on NAVER Cloud for system and network configurations, inadequate technical security measures, and poor contractor management.
The Department highlighted LINE Yahoo's failure to implement strong access controls, multi-factor authentication for critical systems, and mechanisms to detect unauthorized access.
As part of the administrative directive, the MIC has ordered LINE Yahoo to fundamentally review and strengthen its security controls, cybersecurity practices, and contractor management.
The company must also reassess the security risks associated with its shared authentication infrastructure and immediately isolate its systems from the NAVER Cloud.
In addition, the MIC has directed LINE Yahoo to establish group-wide governance, including its parent company, to identify and address security risks effectively.
LINE Yahoo is required to report regularly to the Department on the implementation status of these measures.
The MIC has warned the company to prevent such incidents from recurring and thoroughly protect users' confidential communications.
