In April 2025, IIJ disclosed a serious cyber attack on its Secure MX service, impacting potentially 4.07 million email accounts. Initial estimates indicated widespread data breach concerns, though investigations later narrowed confirmed cases to 586, revealing the complexities of effective incident detection and response. The attack leveraged a zero-day vulnerability in third-party software, Active! mail, allowing hackers to access the system undetected for eight months, raising questions about the efficacy of traditional security measures.
The incident exemplifies the need for enhanced threat detection strategies. IIJ’s proposed solutions, including behavior detection enhancements and multilayered WAFs, reflect the urgency for businesses to adapt to evolving cyber threats. Furthermore, regulatory bodies recognized the incident’s implications, prompting administrative scrutiny for the protection of personal data and communications. This incident serves as a crucial reminder of the importance of robust data management and minimization practices to mitigate vulnerabilities and potential follow-up breaches.
👉 Pročitaj original: CIO Magazine
