March 5, 2024 Measures (Guidance) for Ensuring Protection of secrecy of communications and Cyber Security at LY Corporation

 Today, the Ministry of Internal Affairs and Communications (MIC) issued a written administrative guidance to LY Corporation (headed by IDEZAWA Tsuyoshi, President and Representative Director, CEO, corporation no. 4010401039979, head office: Chiyoda-ku, Tokyo) concerning the leakage of secrecy of communications through unauthorized access. In the administrative guidance, MIC has requested the company to thoroughly protect secrecy of communications in its communications, ensure cybersecurity, take necessary measures to prevent reoccurrences, and report on the implementation status of such measures.

1. Background, etc.

 LY Corporation (headed by IDEZAWA Tsuyoshi) reported the following regarding the leak of secrecy of communications (hereinafter referred to as the "Incident"): LY Corporation outsources the operation of its IT infrastructure to NAVER Cloud. NAVER Cloud outsources security-related maintenance work to a subcontractor. The subcontractor was infected with malware. This infection compromised NAVER Cloud's internal systems, resulting in unauthorized access through NAVER Cloud to the internal systems of LY Corporation, which has a network connection to NAVER Cloud. This led to the leakage of secrecy of communications of users of the service LINE, which is provided by LY Corporation.
 MIC collected reports from LY Corporation based on the provisions of Article 166, paragraph 1 of the Telecommunications Business Act (Act No. 86 of 1984, hereinafter referred to as the "Act"). As a result, it was found that LY Corporation's safety management measures, cybersecurity measures, and management of contractors were insufficient.

2. Details of measures, etc.

 Since the Incident is deemed to have involved the leakage of secrecy of communications, as stipulated in Article 4, paragraph 1 of the Act, the MIC has issued written administrative guidance to LY Corporation as of today. The administrative guidance requests the company to implement the following measures to ensure the protection of secrecy of communications and cybersecurity and to report on the status of their implementation.

1. 1.
   Fundamentally review and strengthen safety management measures and contractor management in light of the Incident
2. 2.
   Fundamentally review and strengthen security governance throughout the group, including the parent company, etc.
3. 3.
   Provide thorough user support

 MIC will continue to provide necessary guidance and supervision to ensure the protection of secrecy of communications and cybersecurity.