Data breach affects Tokyo 2020 Organizing Committee. Olympics under cybersecurity risk?

Less than two months before the start of the Tokyo 2020 Olympics, a source close to the Organizing Committee confirmed to Japan Times the detection of a security incident involving unauthorized access to an information sharing tool developed by the tech company Fujitsu. This incident would have resulted in a massive data breach.

The incident reportedly involves the leaking of confidential information belonging to around 170 people involved in security organization and management tasks. Some of these people also reportedly participated in a drill organized by Japan’s National Cybersecurity Center, which was trying to prepare for possible cyber sabotage.

This is not the first data security incident detected by the government of Japan. Data breaches were previously reported in public agencies such as the Ministry of Foreign Affairs or the National Cybersecurity Incident Preparedness Center. These incidents were confirmed by public officials and representatives of Fujitsu, which works closely with many of Japan’s public agencies.

Authorities declined to confirm the incident, so it is unknown whether this leak includes information related to the organization of the sports competition. In a brief message, the National Cybersecurity Center only mentioned that operations relating to the organization of the games have not been compromised in any way.

As mentioned at the beginning, we are less than 50 days away from the opening ceremony, so the government and partner companies are working at a brisk pace to get everything ready. In this context, it is clear that ensuring cybersecurity has become one of the main objectives of the organizers. 

However, a later report mentioned that the compromised information includes data such as full names and business affiliations of the athletes who will participate in the games, as well as some records about local authorities and their participation in the organization of the Olympics. Moreover, cybersecurity experts mention that this leak could have been caused by a ransomware infection, but there is still no evidence to confirm or rule out this hypothesis.

Finally, Fujitsu President Takahito Tokita submitted a letter of apology to the Japanese government, mentioning that the company will work to prevent a similar incident from happening again.

To learn more about information security risks, malware variants, vulnerabilities and information technologies, feel free to access the International Institute of Cyber Security (IICS) websites.