Japan has national compulsory pension system with 67 million contributors and 40 million beneficiaries. The data of national pension is managed by Japan Pension Service (JPS), a quasi-governmental agency.
The cyber incident triggered by a series of targeted attacks on JPS in 2015 undermined confidence in information security of Japanese pension system.
This paper explains SAI Japan’s special audit report on 1) information security management and operations by JPS before the incident; 2) information security management after the incident; 3) negative impact on JPS’s operations in the aftermath of the incident; and 4) other findings.