Virus Leaks Power Plant Secrets Twice In Four Months

Experts at SophosLabs have reminded companies of the importance of computer security after it was revealed that sensitive information about power plants has been leaked onto the internet from a virus-infected computer for the second time in less than four months.

According to a Japanese media report, sensitive security information about a thermoelectric power plant run by the Chubu Electric Power Company has been leaked onto the internet following a virus infection.

The virus, which has not been named in the reports, is said to have spread documents regarding the plant’s security arrangements, the names and addresses of its security personnel, and other confidential information, via the popular Share file-sharing program. The incident occurred after a 40-year-old security employee installed Share on his computer in March.

Only four months ago, the power company suffered from a similar problem when they announced that more sensitive information was leaked via the Winny file-sharing program. At the time the company said it would prohibit the installation of file-sharing software on employees’ computers and better educate its staff regarding safe use of the business’s data.

“There have been a series of viruses written specifically to leak information from infected PCs onto Japanese file-sharing networks, causing embarrassing headlines for the companies concerned. Questions will surely be asked whether sufficient steps were taken to curb the problem back in January,” said Graham Cluley, senior technology consultant for Sophos. “Data breaches like this are serious, and catapult sensitive information that should be kept confidential into the public domain for anyone to download. All businesses need to take steps to ensure that employees’ use of company data is secured and controlled.”

The power plant data breach is just the latest in a series of high profile cases where viruses have leaked information from organisations in Japan.

Last month, a Japanese anti-virus company admitted that internal documents and customer information had been leaked after one of its employees failed to install anti-virus software.

Earlier this year, Sophos reported that information about Japanese sex victims was leaked by a virus after a police investigator’s computer had been infected.

In June 2005, Sophos reported that nuclear power plant secrets had been leaked from a computer belonging to an employee of Mitsubishi Electric Plant Engineering.

Sophos recommends companies protect their email gateways, desktops and servers with an automatically updated consolidated solution to defend against the threats of viruses, spyware and spam.