On January 6, 2012, the Japan Aerospace Exploration Agency (JAXA) found that a computer terminal used by one of our employees was infected with a computer virus, and information stored in the computer as well as system information that is accessible by the employee have been leaking outside.
We are now confirming the leaked information and investigating the cause.
1. Possible leaked information
As the computer was used by an employee who is involved in the H-II Transfer Vehicle (HTV, a cargo transporter to the International Space Station,) the following information was potentially compromised.
- Stored mail addresses
- Specification and operation information of the HTV
- System log-in information accessed from the computer
2. Currently confirmed background
On August 11, 2011, some anomaly was detected in the said computer, thus it was detached from the network for checking. As a result, on August 17, we found that the computer was infected with a virus. The virus was removed, but the computer has continuously been monitored and investigated since then because it was still unstable and displayed abnormalities. On January 6, 2012, we found a trace that a different virus had gathered information from the computer. In addition, it was also discovered that the computer sent out some information sometime between July 6 and August 11.
With the above backdrop, passwords for all accessible systems from the computer have been immediately changed in order to prevent any abuse of possibly leaked information, and we are currently investigating the scale of damage and the impact. Also, all other computer terminals are being checked for virus infections.
3. Further steps to take
We sincerely apologize over such trouble, and we will promptly address the following measures while strengthening our information security in order to prevent any recurrence, as we gravely regret this incident.
- Specify leaked information and investigate the cause.
- Take measures to prevent a recurrence according to the investigation.
- Call attention and caution the person if his or her personal information is found to have been leaked.