Racks and external outflows of business data are announced-The cause is the rules of former employees

　Rack revealed on January 14 that the backup of data that former employees violated the company rules had leaked past business data outside the company.It was discovered in a third -party report, and the company has already completed the survey and has announced that there is no further spread of information.

　According to the company, the case was discovered from an anonymous person report on October 31, 2021 that he purchased an HDD on the flea ket (flea market) site.He couldn't use the purchased HDD, and when he used the HDD recovery tool, he found a rack business data and contacted the company.Rack surveyed the image of some screen capture of some data provided by the reporter, and decided that business data was leaked on November 2, and set up an emergency countermeasure headquarters on the 5th to respond.I made it.

　While negotiating the transfer of the HDD with the caller, he investigated a person related to the leaked business data, and identified a retired former employee on the 30th.It is said that the former employee has confirmed the fact that the HDD was sold on the flea site.The HDD was collected on December 17, and at the same time, the caller has been involved in a contract to delete and do not spread all the data of the outflow information generated when the HDD is restored.

　It is said that the HDD collected by the rack from the caller was simple formatted by the restoration tool, and the company restored the business data stored in the HDD in forensic work.Restored data is 2069 business documents created from 2003 to 2017 (628 business partners), personal information (company name, department name, name or surname, e -mail, or surname of employees and business employees.The address, the company's phone number) was up to 1000.We will report to business partners who may be affected from November 8th, and confirm work from December 20 to January 12, 2022 with the business partners who have found the effects of survey and data recovery.did.

　When the company asked a former employee, the former employee was backed up to the cloud storage service, Dropbox, which had been banned by internal rules when the former employee was replaced.Former employees have been able to synchronize data on Dropbox with multiple devices.One of them is a Mac at home, and the data that had been synchronized was copied as a backup data to the Mac HDD by the backup software "Time Machine" equipped with Mac.

　Later, since the former employee rarely used this HDD, it was said that the data was erased with the data erasure tool and sold it on the flimship site.However, it seems that the data was not properly erased, and the business data was restored by the recovery tool used by the HDD buyer.

　In the survey, the fact that the former employee had backed up data to cloud storage services in violation of the company rules other than when replacing business PCs was not confirmed, and the actions of former employees occurred inadvertently, not malicious intentions.There is a possibility.At that time, it was said that there was insufficient measures to prevent copying of business data prohibited by rules, and later, apart from this proposal, technical courses that prohibit access to Dropbox from internal networks.It is said that it is.

　In the survey, the company confirmed that the business data leaked to another device owned by a former employee did not remain, and the former employee was an external pledge based on the pledge at the time of retirement based on the information obtained in business in the past.Suppose you have confirmed that you will not disclose it at all.The information recorded as the HDD collected from the caller will completely destroy it so that it cannot be spread after all this case is completed.

　Regarding the announcement, the company said, "In order to take the situation in a solemn and prevent information leaks outside the company, restrictions on duplication of business data and strengthening monitoring technical measures, recovery of equipment such as transfer of employees and retirement.We will prevent recurrence by strengthening internal processes such as information disposal. "