Financial institutions hurry to respond to the alarm of the FSA and illegal access to goods from the sales force

Since a sequence of improper access to firms using some salesforce.com cloud systems was uncovered at the end of 2020, large financial institutions are being compelled to respond. A alert on this issue has been provided by the Financial Services Regulator, and financial institutions are scrambling to clarify whether access privileges are sufficient for Salesforce goods. There are a wide range of financial institutions, such as banks and life and non-life insurance providers, that use Salesforce services, and it seems that it will take time to fix the problem.

The Financial Services Regulator released an alert. A third party will unlawfully access the details managed in the sales force cloud with guest user rights if multiple requirements are met. The Financial Services Agency encouraged checks and countermeasures to report promptly to the Finance Bureau and advised financial institutions meeting the requirements in question to report promptly.

An official of a non-life insurance corporation said, “We are in the process of confirming the work, including the group companies.” On the other hand, Post Bank said, “We have not confirmed the fact that customer information was leaked in our service using Salesforce service” (Public Relations Department). The device that handles information about consumers is set so that it can not be seen from the outside.

Unauthorized access has also been noticed on Rakuten and PayPay with respect to the sales force service. A third party outside the company was viewing some of the information contained in the cloud-based revenue management system at Rakuten, Rakuten Card, and Rakuten Edy. PayPay is known to provide access from Brazil to a system that handles sales data about member stores.

Any Salesforce cloud customer firms have protested about the distribution of information by the sales force at the time of software renewal in 2016, which was the beginning of unauthorized access. In the future, it appears to be a debate.