On April 15, 2026, LiveDoor News reported that an employee of the Osaka Regional Tax Bureau had leaked taxpayer information to a scammer. The employee received a phone call from someone claiming to be a police officer and, following their instructions, sent 179 personal records and 80 corporate records (259 total) via the LINE messaging app. The employee only realized something was wrong when they consulted a colleague while still on the call, and the phone number was identified as one associated with fraud.
The incident highlights two systemic issues in Japanese government IT. First, the continued use of LINE as a communication tool in government agencies. LINE, owned by LY Corporation (formerly LINE Yahoo), has faced repeated scrutiny over data handling, including a 2021 scandal where user data was found to be accessible from servers in China. Despite this, LINE remains deeply embedded in Japanese government operations, from municipal services to internal communications. Second, Japan’s broader information security posture has been criticized as dangerously lax, with incidents ranging from USB drives containing entire city databases being lost at bars to persistent issues with the My Number identification system.
The tax bureau issued a formal apology. No details were provided about disciplinary action against the employee or what measures would be taken to protect the 259 affected taxpayers whose information is now in the hands of a criminal organization.
leaked via LINE
disciplinary action
The largest theme was straightforward disbelief. How does a tax bureau employee, someone entrusted with some of the most sensitive financial data in the country, fall for a phone scam that most civilians would recognize? Commenters questioned the hiring standards, the training protocols, and the institutional culture that produced someone capable of sending 259 records to a stranger without once pausing to verify. “Is the bar for working at the tax bureau really this low?” one commenter asked. Another suggested that AI would be a more reliable employee. The tone was less anger than bewildered contempt.
"Noah [at Unseen Japan] put together an itinerary that didn’t lock us in and we could travel at our own pace. In Tokyo, he guided us personally on a walking tour. Overall, he made our Japan trip an experience not to forget." - Kate and Simon S., Australia
The second-largest theme targeted not the employee but the infrastructure. Why is a government tax agency using LINE for anything? Commenters pointed out that LINE is a consumer app designed for personal messaging, not a secure channel for transmitting taxpayer data. The fact that the employee could even send 259 records via LINE means the system allowed it, which is an institutional failure, not just an individual one. One commenter wrote: “The moment I heard government agencies were using LINE, I knew something like this would happen.” Others connected it to the broader pattern of Japanese government IT failures, including the LINE-Naver data access scandal and chronic underinvestment in government cybersecurity.
A pragmatic cluster focused on the downstream consequences. 259 taxpayers now have their financial information in the hands of a criminal organization. High-income individuals and profitable companies on that list are now potential targets for targeted fraud, extortion, or robbery. Several commenters noted that “deaths could come from this,” referencing the trend of yami baito (dark part-time jobs) where criminals recruit people to commit burglaries based on leaked financial data about wealthy targets. The concern was not abstract: Japan has seen multiple cases of home invasions targeting wealthy individuals identified through leaked financial records.
"Noah [at Unseen Japan] put together an itinerary that didn’t lock us in and we could travel at our own pace. In Tokyo, he guided us personally on a walking tour. Overall, he made our Japan trip an experience not to forget." - Kate and Simon S., Australia
A substantial minority refused to accept the official story. Their argument: nobody working at a tax bureau is naive enough to send 259 records to an unverified caller via LINE without questioning it even once. The second most-liked comment (568 hearts) laid out the logic: create a system where leaking high-value taxpayer data can be framed as an innocent mistake, and the financial incentive becomes obvious. “Accidentally” leak the data, receive payment through untraceable channels, and face only an internal reprimand rather than criminal prosecution. Whether or not this interpretation is correct, its popularity (568 likes) reveals how deeply the public distrusts government employees’ accounts of their own mistakes.
A subset directed blame upward to management and institutional training. The employee is an idiot, these commenters agreed, but the system that hired them, failed to train them, and gave them unmonitored access to 259 taxpayer records is the real problem. Several demanded mandatory anti-fraud training for all government employees, noting that phone scams impersonating police are among the most common fraud techniques in Japan and should be covered in basic onboarding. One commenter asked: “Who hired this person? They should be punished too.”
A direct faction demanded immediate termination. “This is the minimum: dismissal for cause,” one commenter wrote. “If this gets resolved with a verbal warning, the system is broken.” Others argued that the employee should face criminal charges for violating data protection laws, not just internal discipline. The frustration was amplified by the perception that government employees in Japan are effectively unfireable, protected by civil service regulations that make termination extremely difficult even in cases of gross negligence.
A smaller but important group focused on the 259 affected taxpayers. These people had not been informed about what steps were being taken to protect them. Commenters demanded that the tax bureau send formal notification letters to every affected individual and company, provide credit monitoring, and take responsibility for any fraud that results from the leak. “They should be mailing apologies and warnings to every single one of those 259 right now,” one commenter wrote. The silence from the bureau on victim protection measures was treated as nearly as damning as the leak itself.
