August 19, 2025 Administrative Guidance for Rakuten Mobile, Inc. (hereinafter, "Rakuten Mobile") on Protecting the Secrecy of Communications, Submitting Reports on Leaks, and Ensuring the Establishment of a Compliance Risk Management System

　Today, the Ministry of Internal Affairs and Communications (MIC) issued written administrative guidance to Rakuten Mobile (Representative Director and President: YAZAWA Shunsuke) concerning a leakage of secrecy of communications at the company. In the guidance, the MIC instructed it to protect the secrecy of communications, submit reports on the leakage, establish a compliance risk management system, implement necessary recurrence-prevention measures, and report on the implementation of these measures.

Note: The published materials are in Japanese only.

1. Background, and other details

　Rakuten Mobile reported that a third party illegally obtained combinations of IDs and passwords that allow users to log in to "my Rakuten Mobile," a web page posted users’ information containing secrecy of communications, and that this allowed the third party to access the users’ information containing secrecy of communications. This incident constitutes a leakage of secrecy of communications as stipulated in Article 4, Paragraph 1 of the Telecommunications Business Act (Act No. 86 of 1984) (hereinafter referred to as the "Leakage Incident").
　According to the report from Rakuten Mobile, the company became aware of the leakage of information containing secrecy of communications no later than February 27, 2025. However, it neither considered it as a leakage incident nor took any action, and did not report it to the MIC until June 17, 2025. This constitutes a violation of Article 28, Paragraph 1, Item 2 (a) of the Telecommunications Business Act, which requires that a leakage report be submitted without delay.

2. Details of measures

　Today, the MIC requested the company to take measures to protect customers from future leakage incidents and prevent the spread of damage. The MIC also issued strict administrative guidance to prevent recurrence of similar incidents by taking thorough preventive measures, including a fundamental review of its compliance and risk management systems.
　The MIC will continue to provide necessary guidance and supervision to ensure the protection of the secrecy of communications.