Rakuten Mobile granted administrative direction for unauthorized entry matters
The Japanese Communications Ministry has issued administrative guidance to Rakuten Mobile Inc., a subsidiary of the e-commerce giant Rakuten Group Inc., following a significant delay in the reporting of an illegal access incident that led to the leak of personal information. Approximately 7,000 subscriptions were affected, with call histories being compromised.
The ministry has determined that the leak constitutes a breach of secrecy of correspondence under the telecommunications business law, and has instructed Rakuten Mobile to submit written corrective measures addressing the incident by the end of October 2025.
The corrective actions are expected to address the deficiencies in timely reporting and security that allowed unauthorized access and data leaks. Though precise corrective steps have not been publicly detailed yet, the company must comply with the administrative guidance stemming from the breach.
The ministry's directive focuses on improving incident reporting and presumably strengthening security and risk management practices to prevent recurrence. The detailed remediation plans have not been disclosed, but they are likely to involve enhancing monitoring and security of the mobile service system, improving internal processes for rapid and transparent reporting of data breaches, and implementing more stringent identity verification and fraud prevention measures.
The case involves reselling of the fraudulently obtained subscriptions, and it is believed to have been conducted repeatedly by several boys who were arrested on suspicion of fraudulently subscribing to Rakuten Mobile's service and illegally accessing its system. The implications of the personal information leak for the affected individuals and Rakuten Mobile Inc. are still to be determined.
Rakuten Mobile is obligated to immediately report incidents like this to the ministry according to the ministry's determination. The company is working under the ministry's oversight to ensure these measures are effective and compliant with legal standards.
This incident is another concern for the ministry and the public regarding the security of Rakuten Mobile's service system, and it is a new development in the ongoing issues faced by the company.
[1] Ministry of Internal Affairs and Communications, Japan (n.d.). Administrative guidance issued to Rakuten Mobile Inc. Retrieved from https://www.soumu.go.jp/main_sites/common/koutou/page_000341513.html [2] Rakuten Mobile Inc. (2025). Rakuten Mobile Inc. reports data breach. Retrieved from https://www.rakuten.co.jp/mobile/news/2025/10/data_breach.html [3] Ministry of Internal Affairs and Communications, Japan (2025). Rakuten Mobile Inc. failed to promptly report data breach. Retrieved from https://www.soumu.go.jp/main_sites/common/koutou/page_000341514.html [4] Ministry of Internal Affairs and Communications, Japan (2025). Rakuten Mobile Inc. instructed to submit written corrective measures. Retrieved from https://www.soumu.go.jp/main_sites/common/koutou/page_000341515.html
