The number of personal information leaks from companies listed on Japanese stock exchanges, as well as their subsidiaries, rose by 30 percent in 2021 from the previous year to a record 137 cases, according to a corporate research agency.

Tokyo Shoko Research said in a report that over 50 percent or 68 of the data breaches were caused by malware or unauthorized access. It said the number of cyberattacks rose for the third straight year.

Since the agency first began collecting such data in 2012, leaks of personal information pertaining to approximately 120 million people, roughly the equivalent of Japan's population, have been confirmed.

Compared with the United States and European countries, some critics have said that Japanese penalties are not tough enough for corporate executives in the event of data breaches, and that has led to a lack of risk awareness for them.

In 2021, there were 43 instances that were caused by data being accidentally displayed or sent out, according to the report released on Jan. 17.

The largest data breach of the year was discovered in May, when private information consisting of up to 1.71 million people from dating app Omiai, operated by Net Marketing Co., was found to have been leaked.

The case was followed by a dump of data on roughly 1 million customers of Japanese airline operator ANA Holdings Co., and about 920,000 from Japan Airlines Co., after information regarding their respective mileage program members was illegally accessed by a Swiss booking company, according to the report.

As Japan's current law protecting personal information is not punitive, Net Marketing and other companies responsible for the leaks were not fined.

Victims of personal information leaks could take their cases to court, but the amount of compensation per person is believed to be just a few thousand yen if a lawsuit is won, with the cost of trials likely being much higher.

On the other hand, a number of companies in the United States and Europe have been slapped with large financial penalties by their respective authorities when personal data has been leaked.

U.S. consumer credit reporting firm Equifax Inc. agreed with the government in 2019 to pay up to $700 million for an incident in 2017 that found data on 140 million people had been compromised. A majority of the fine has been set aside for compensating the victims.

Although Japan's information protection law remains lax, its revision, slated to take effect in April, is likely to change the situation.

"Companies will be obliged to notify victims in the event of a data leak," said lawyer Hiroyasu Kageshima from Ushijima & Partners. "There is a possibility that demand for compensation will be magnified."

==Kyodo

© Kyodo News International, Inc., source Newswire