At least two million sets of personal data were stolen or feared leaked from 140 companies and other organisations in Japan that were hit by cyber attacks in 2015, the media reported on Monday.
Of the 140 victims, 75 said they noticed the data breaches only after police or another outside group alerted them. The victims consist of 69 private companies, 49 government agencies and their affiliates, and 22 universities, the Japan Times reported.
Among the remaining 65 organisations, 40 said they discovered on their own that they had been targeted. The Japan Pension Service, operator of the country's public pension programme, incurred the largest data theft - about 1.25 million sets of ID numbers, names, addresses and birthdates.
Security experts warned that the figures are "just the tip of the iceberg" and there could be many organisations that were victimised and do not even know it. Printing company and website producer Seki Co. in Matsuyama, Ehime Prefecture, said there is a possibility that up to 267,000 data sets - including credit card information - could have been stolen from a server for the websites of 17 companies.
Confectionery company Chateraise Co. in Kofu, Yamanashi Prefecture, said some 210,000 personal data sets were possibly leaked, while model manufacturer Tamiya Inc. in the city of Shizuoka said 107,000 may have been stolen.
Thirty-two organisations were confirmed to have come under DDoS attacks, or distributed denial of service, which are intended to paralyze a targeted website by overwhelming it with much higher than normal traffic from multiple sources.
The DDoS attacks are suspected to have been carried out against the official website of Prime Minister Shinzo Abe by the Anonymous hacker group in a sign of protest at Japan's plan to resume research whaling in Antarctica. The website became temporarily inaccessible last month.