Japan: Issued PPC October summary on measures implemented by LINE after a personal information breach

On 30 October 2024, the Japanese Personal Information Protection Committee (PPC) published a summary of the progress made in response to recommendations given to LINE Yahoo following a personal information breach. The incident occurred when a computer used by an employee of a Korean company, a contractor of LY Corporation, became infected with malware, leading to unauthorised access to LY Corporation's information system and resulting in the leakage of personal data related to LINE. The PPC reported that the separation of authentication systems and the risk management system revision were completed. Ongoing measures include annual on-site audits, the termination of outsourced services to NAVER Group and NC Corp., and the employee security surveys, which were completed and are now being assessed and are expected to be completed by 2025. The PPC will continue to monitor the progress through annual audits and continuous reviews.