In the wake of a major data breach that exposed over 510,000 Line users’ information last November, the Japanese government has issued a stern directive to the popular messaging app to overhaul its cybersecurity practices and disentangle its technology infrastructure from its parent company, Naver.
The breach, which occurred in the aftermath of a series of mergers and acquisitions involving Line, Yahoo Japan, and the South Korean tech giant Naver, has been attributed to the complexities arising from the combined technology footprint of these companies. According to an analysis by Japan’s Ministry of Internal Affairs and Communications, the root cause lies in the shared Active Directory between Line and Naver, as well as Naver’s extensive access to Line’s network.
The Ministry’s report, released on March 5th, highlights the cybersecurity risks posed by this tech sprawl and calls for a comprehensive review of the management and supervision practices within the merged entity, now known as LY Corp. The directive aims to ensure that outsourced parties, such as Naver, are properly managed and monitored.
The Japanese regulators have mandated LY Corp. to provide regular quarterly updates on its progress in addressing these cybersecurity concerns. The company has agreed to cooperate fully with the government’s requests, acknowledging the need for improved security measures in the wake of the massive data breach.
The incident has underscored the challenges faced by tech companies in maintaining robust cybersecurity practices amidst rapid growth and consolidation. As corporations expand through mergers and acquisitions, the integration of disparate technology systems can create vulnerabilities that, if left unaddressed, can be exploited by malicious actors.
The Japanese government’s intervention in the Line data breach case serves as a reminder of the importance of proactive cybersecurity measures and the need for companies to prioritize the protection of user data, even in the face of complex organizational structures and technological landscapes.