The Kumamoto Prefecture Violence Prevention Movement Promotion Center, a local Japanese government agency that operates a necessarily confidential helpline for those have fallen victim of the Yakuza, Japan’s legendary organized crime gang often called the Japanese Mafia, as well as those Yakuza members looking to flee from its grasp, has confirmed that it has been hacked. As spotted by an eagle-eyed reporter at The Register, the center has posted a notice on its website warning users that it has fallen victim to a phishing attack. Here’s what we know.
The Kumamoto Prefecture Violence Prevention Movement Promotion Center Yakuza Helpline
If you want to know exactly what the Yakuza is, or how it has earned such a fearsome reputation among the deadliest of organized criminal groups, I suggest you get yourself to Google pronto. The TL;DR is, courtesy of Wikipedia, that the mafiosa-like Yakuza once had an estimated 184,000 members across Japan, but now is thought to have slightly over 10,000. However, the yakuza is known to still engage in a broad sweep of criminal activities, and Japanese citizens remain fearful of the extreme violence the group is known to use.
It is because of this reputation, for the levels of violence the Yakuza are known to encourage, that the Kumamoto Prefecture Violence Prevention Movement Promotion Center exists. When you understand that members of the Yakuza have historically engaged in the ritual practice of yubitsume, the amputation of their own left little finger, it’s hardly surprising that they are more than willing and capable of exacting more pain on their enemies.
The Japanese government agency funded center, therefore, provides a place of sanctuary through a helpline and counselling service aimed at anyone who has been a victim of the Yakuza, including members who are wanting to leave. Anonymity is the key ingredient with such a service, as the repercussions of anything but are too horrific to contemplate. However, that could be what’s going through the minds of some 2,500 users of the service following the news that the organization has suffered a successful phishing attack.
The Yakuza Helpline Hack
A Nov. 21 posting to the official Kumamoto Prefecture Violence Prevention Movement Promotion Center website, in Japanese and translated here by Google, confirmed that “an incident may have led to information leakage due to unauthorized access.”
The security incident posting confirmed that, on Nov. 15, an employee was fooled into logging into a fraudulent support website which led to the center being illegally accessed. “When the employee noticed something was wrong,” the posting said, “he immediately cut off the power and network connection of the computer terminal.”
However, the Kumamoto Prefecture Violence Prevention Movement Promotion Center said that it could not rule out the possibility that “data including personal information used in work,” may have been accessed illegally.
The center also asked that any users of the service who receive a phone call or email pertaining to be from staff members, immediately report it to the contact information given without responding to any requests made.
Currently, it is not known how many, if at all, of the 2,500 records held by the center have been accessed. However, this is one data breach that could have repercussions far beyond the usual warnings about credit card fraud, given the Yakuza connection. I have reached out to the Kumamoto Prefecture Violence Prevention Movement Promotion Center for a statement.
