HomeRisk ManagementsJapan: Cleaning Up Post-Merger Tech Sprawl Following Line Breach

Japan: Cleaning Up Post-Merger Tech Sprawl Following Line Breach

Published on

spot_img

The recent revelation of a data breach at the popular messaging app Line has prompted the Japanese government to take action against the company’s parent organization, Naver. The government’s analysis has led to a directive calling for the separation of Line’s technology from Naver in order to address the security vulnerabilities that led to the breach.

Line’s journey to becoming a dominant messaging app in Asian markets, surpassing even WhatsApp in countries like Japan and Thailand, was marked by a series of mergers and acquisitions. The merger with Yahoo Japan in 2021, owned by SoftBank, further complicated Line’s business structure, with ownership divided between Japanese and South Korean tech giants. This convoluted ownership structure created a sprawling attack surface, with gaps in security that were exploited in the November 2023 data compromise affecting over 510,000 Line users.

The Japanese Ministry of Internal Affairs and Communications issued administrative guidance on Mar. 5, instructing Line and its parent companies to disentangle their technology and strengthen cybersecurity practices. The analysis by the ministry highlighted concerns about the reliance on Naver’s technology within the merged organization, known as LY Corp. Critics pointed to shared Active Directory between Naver and Line, as well as extensive access to Line’s network from Naver’s cloud services.

In response to the government’s directive, LY Corp. has committed to cooperating with the review of its cybersecurity practices and providing regular updates on progress. The Ministry emphasized the importance of proper management and supervision of outsourced parties to ensure security protocols are effectively implemented.

The regulators are calling for a comprehensive review of Naver and Line’s cybersecurity measures, with a focus on identifying and addressing weaknesses in their systems. The quarterly updates requested by the government will monitor the implementation of security improvements and track the progress of ongoing efforts to enhance data protection.

The collaborative approach between LY Corp. and the Japanese government signals a commitment to addressing the underlying issues that led to the data breach. By acknowledging the need for stronger cybersecurity measures and actively engaging with regulators, Line and its parent companies are taking steps to safeguard user data and mitigate future security risks.

Source link

Latest articles

The Evolving Role of the CISO as the Future CFO

The Pressing Question of Cybersecurity Assurance: Is the CISO Role Sustainable? In the fast-evolving landscape...

Why the Gentlemen Ransomware Challenges Identity and Recovery Controls

Emerging Threat: The Gentlemen Ransomware Group Targeting Enterprises Globally A recent report by cybersecurity firm...

Chinese Cyberespionage Targets University Roundcube Servers

Espionage Campaign Targets University Departments with Advanced Cyber Tactics A sophisticated cyber-espionage campaign has recently...

Visa Threat Platform Tackles Payment Fraud

Visa Launches Advanced Threat Intelligence Platform to Combat Payment Fraud In a significant move to...

More like this

The Evolving Role of the CISO as the Future CFO

The Pressing Question of Cybersecurity Assurance: Is the CISO Role Sustainable? In the fast-evolving landscape...

Why the Gentlemen Ransomware Challenges Identity and Recovery Controls

Emerging Threat: The Gentlemen Ransomware Group Targeting Enterprises Globally A recent report by cybersecurity firm...

Chinese Cyberespionage Targets University Roundcube Servers

Espionage Campaign Targets University Departments with Advanced Cyber Tactics A sophisticated cyber-espionage campaign has recently...