Kyushu Electric Power Transmission and Distribution Co. has disclosed that an external storage device used for system backups has gone missing from a secure server room.
While no evidence of data leakage has been identified so far, the company warns that the device contained personal and usage-related data for 10.9 million customers.
The incident was announced by the Japanese utility provider earlier this week, after an internal investigation failed to recover the missing backup media. According to the company, the device was being used as a temporary backup solution after capacity constraints affected the system's primary backup infrastructure.
The missing storage media contained customer information, including names of electricity consumers, service location addresses, electricity consumption data, telephone numbers, and the names of retail electricity providers. The company emphasized that bank account details and credit card information were not stored on the device.
Kyushu Electric Power Transmission and Distribution is one of Japan's major regional power grid operators, responsible for electricity transmission and distribution across the Kyushu region. The company manages critical energy infrastructure and serves millions of residential and business customers, making the potential exposure particularly significant due to the scale of the affected records.
The backup device was last confirmed to be in storage on April 27, 2026, after a backup operation was completed. The issue was discovered on May 26, when personnel preparing for a scheduled backup found that the media was no longer in its designated storage location.
The utility stated that its servers are housed in a server room protected by multiple layers of security controls, and backup operations are performed within that restricted environment. Access to the room is tightly controlled, with only authorized personnel permitted entry. However, the company acknowledged that the cabinet where the external storage device was kept was not locked, despite being located within the secure facility.
Following the discovery, investigators conducted interviews with individuals who entered the server room between April 27 and May 26 and carried out on-site searches. Despite these efforts, the storage device has not been recovered. The company said it is also examining the possibility that the media may have been removed without authorization, though no conclusion has been reached yet.
The announcement did not specify whether the missing backup media was encrypted, a factor that could significantly affect the risk posed by the disappearance.
Kyushu Electric Power Transmission and Distribution has reported the incident to Japan's Personal Information Protection Commission and the relevant supervisory authorities. The company also plans to notify affected customers individually while continuing efforts to locate the missing device.
Leave a Reply