Tokyo police on Thursday arrested a systems engineer accused of stealing millions of customer names from the computer database of a large education firm to sell them for profit.
Masaomi Matsuzaki, a 39-year-old temporary staffer, was arrested for violation of the unfair competition prevention law, a spokesman for the Metropolitan Police Department said.
Matsuzaki allegedly copied personal data related to at least 7.6 million customers of Benesse, the parent company of Berlitz language schools in Japan.
The information was allegedly copied at the Tokyo office of Synform, a Benesse-affiliated website development company where the engineer had been dispatched by a staffing agency. Matsuzaki may have gained access to the data because of lax access controls, according to local news reports.
The data was saved on a portable recording device such as a USB memory stick, sold to a broker of name lists for millions of yen (tens of thousands of U.S. dollars) and later used for direct mailing, according to Japanese media reports.
The information, which contained names, addresses, birth dates and phone numbers, could include up to 20.7 million items, Benesse said in a statement last week.
It had speculated the information was stolen by an outsider who had authority to access its database.
“The company will put top priority on uncovering the cause of the leak and on preventing any secondary damage to customers due to malicious use of the leaked information,” it wrote in the statement, apologizing to customers for the leakage.
The Benesse breach is one of the largest-ever data leaks in Japan, a spokesman for the Consumer Affairs Agency said, recalling a case in which over 8 million items of information were stolen from Dai Nippon Printing, which handles direct mail for corporate clients, in 2007.