Tax data leak has compromised 259 individuals and corporations in Japan. Specifically, the Osaka Regional Taxation Bureau announced the breach on Wednesday. An employee in their 20s leaked personal information after callers impersonating police officers duped them. The leaked data includes phone numbers and tax payment records from 11 regional taxation bureaus nationwide.
On Monday, the employee received a call on their personal smartphone at work. The caller identified themselves as an official of the Chiba Prefectural Police. The caller knew the employee’s full name and said, “You are also under suspicion.” The person then showed what appeared to be a police ID during a video call. Subsequently, the caller handed the phone to someone claiming to be a detective from the second investigation division. The employee followed the instructions and accessed various personal and corporate records using a work computer. They took 108 screenshots and sent them via the Line app from a private smartphone.
The bureau apologized to those affected by the breach. Officials warned victims to remain vigilant against any problems resulting from the leak. Additionally, the bureau filed a report with the police. No resultant problems had been confirmed as of Wednesday.
The employee had access to sensitive taxpayer information as part of their job. Scammers exploited this access by impersonating law enforcement. Consequently, the employee believed they were cooperating with a legitimate criminal investigation. Tax bureaus across Japan may need to review their security training procedures. Employees must learn to verify caller identities through official channels.
The Osaka bureau has not announced disciplinary actions against the employee. However, the employee may face administrative penalties for violating data protection rules. The tax data leak will likely prompt a nationwide review of security practices. Other regional taxation bureaus will probably increase training on scam awareness. Moreover, the National Tax Agency may issue new guidelines for handling sensitive data. Cybercriminals continue developing sophisticated methods to exploit human error. Therefore, organizations must implement technical controls to prevent unauthorized data access. The investigation into the scammers continues as police track the stolen information. Officials promise to learn from this incident and prevent future breaches.
