Call attention to the state of disclosure of a large number of personal information with "Trello"

It turned out that there are many cases where user information can be viewed by anyone on the Internet with a service called "Trello" used by companies for business management.

It seems that the cause was that the disclosure range was set incorrectly, but there is also personal information that seems to be a resident of a long-term care facility or an applicant for a job offer of a company, so the Cabinet Cyber ​​Security Center is calling attention. ..

"Trello," a service that allows you to share information such as business management on the Internet, is used by companies and individuals to write work schedules and share document files.

In the service, you can set the range of information disclosure, and originally, highly confidential information etc. is set and used so that only a limited number of members can see it, but for some reason anyone can see this setting. It turns out that there are many cases in which it is in a state.

According to NHK's research, it included information on driver's licenses, information on internship students at companies, information on people requiring long-term care at nursing care facilities, and personal information that appears to be applicants for jobs at temporary staffing agencies.

Regarding this, the Cabinet Cyber ​​Security Center said on the official Twitter, "Please check the setting of the disclosure range, and if it is unintentionally disclosed, please set it appropriately. When handling information on the web service, the disclosure range It is important to check the settings of. "

"Atlassian," an IT company that provides services, said that it has a mechanism to confirm the user's intention when changing from the initial setting of private to public, and said, "Currently, a problem has occurred. We are working hard to support users in order to prevent information leaks that users do not intend, such as checking the privacy settings of the board they are using. "

Chief Cabinet Secretary "No damage reports from government agencies, but pay close attention to the situation and take appropriate measures."

At a press conference in the afternoon, Chief Cabinet Secretary Kato confirmed that "a service on the Internet called" Trello "that can be used for work management, etc., allows users' information that is not properly set to be viewed from the outside. The Cabinet Cyber ​​Security Center has issued a warning to government agencies and the general public today to confirm the settings and make them appropriate. "

He added, "At this point, we have not received any reports of damage from government agencies, but we would like to continue to monitor the situation and take appropriate measures as necessary."