Example : Softbank – theft of consumer data for extortion

Softbank of Japan offers broadband Internet services across Japan through 2 subsidiaries – Yahoo! BB and Softbank BB. In the year 2004, the bank announced that the security of 4.5 million customer records which had been compromised: data from both subsidiaries had been illegally copied and disseminated. The leaked details included home phone numbers, customer names, addresses and email IDs, but did not involve passwords, access logs and credit card details.
Softbank became aware of problem only when they were approached by 2 groups of extortionists. The criminals produced genuine customer data and threatened that all of the data would be posted to Internet if they were not paid a large amount of money.

Japanese police made 3 arrests but suspected that there may have been connections to prearranged crime and the political far right. Astonishingly, the police concluded that there had in fact been 2 simultaneous, yet independent, extortion tries against Softbank, they masterminded by employees of the company. All of the people who were accused of extortion had been authorized to access the customer data; but it seemed that Softbank had inadequate procedures to protect against unwarranted copying and dissemination.

The bank immediately announced making strict policies of security, further restricting access to their systems and enforcing strict security on all of their subsidiaries. Profuse apologies were offered to affect the customers and ¥4 billion were paid in compensation. Further, Softbank BB’s president, Masayoshi Son, announced that other senior executives would take a 50 % pay cut for the next 6 months.

In this instance, the threat was to reduce the value of an organization by revealing information which should have been a well kept secret scarce within as well as scarce without. It cost company £20 million in compensation and affected the reputation of it.