Utility Giant Investigates Disappearance of Customer Data Storage Device
Japanese energy provider Kyushu Electric Power has issued a public apology after a physical storage drive containing customer information linked to approximately 10.9 million accounts went missing from one of its facilities.
The company confirmed that the device was being used as part of a routine data backup process before it disappeared under circumstances that are now the subject of an ongoing investigation. While officials stressed that no banking or payment card information was stored on the drive, the incident has raised serious concerns about data security practices and physical access controls.
The missing device reportedly contained customer names, telephone numbers, and electricity usage records, making it one of the most significant physical data loss incidents disclosed by a major utility company in recent years.
Missing Drive Stored in Unlocked Cabinet
According to the company’s account of events, the storage device was used on April 27, 2026, during a routine backup operation designed to manage server capacity.
Following the completion of the task, the drive was placed inside a cabinet located within a secure server room. The area was protected by multiple layers of physical security and access restrictions. Company officials stated that only 57 authorised individuals were permitted to enter the room.
However, concerns emerged nearly a month later when IT personnel attempted to retrieve the device on May 26. During the inspection, employees discovered that the cabinet had been left unlocked and the storage drive was no longer there.
The unexpected discovery immediately triggered an internal response. Kyushu Electric began reviewing access records and interviewing personnel who had entered the server room during the relevant period. Despite those efforts, the company has been unable to locate the missing hardware.
Officials acknowledged that all possibilities remain under consideration, including the possibility that the device may have been removed without authorisation.
Millions Potentially Affected Across Kyushu Region
Kyushu Electric Power is one of Japan’s largest regional utility providers, supplying electricity to a population of roughly 12.5 million people across the Kyushu region.
Its service area includes several major prefectures, including Fukuoka, Nagasaki, Kumamoto, and Kagoshima. As a result, the disappearance of a device containing customer records has the potential to affect a significant portion of the region’s population.
The company has attempted to reassure customers by confirming that highly sensitive financial information was not stored on the drive. No bank account details, credit card numbers, or payment credentials were included in the backup data.
Nevertheless, customer names, phone numbers, and electricity consumption records remain valuable forms of personal information. Cybersecurity experts frequently warn that such data can be exploited in social engineering campaigns, phishing attacks, or identity related fraud when it falls into the wrong hands.
At this stage, Kyushu Electric says there is no evidence that the data has been accessed, leaked, or misused. However, the inability to recover the device has forced the company to treat the matter as a serious security incident.
Regulators Demand Answers as Investigation Continues
The incident has now attracted the attention of Japanese regulators.
Kyushu Electric confirmed that it has reported the matter to Japan’s Personal Information Protection Commission as well as other relevant government agencies. Authorities have been informed about the circumstances surrounding the disappearance and the company’s ongoing efforts to locate the device.
The Japanese Ministry of Economy, Trade, and Industry has reportedly instructed the utility provider to submit a detailed report by July 8, 2026. The report is expected to outline the sequence of events, findings from the investigation, and measures that will be implemented to prevent similar incidents in the future.
The case highlights how physical security remains a critical component of modern data protection strategies. While organisations often focus heavily on defending against cyberattacks, the loss of a single storage device can expose vast amounts of information if strict handling and storage procedures are not followed.
For now, Kyushu Electric continues its search for the missing drive while regulators and customers await answers about how a device containing data associated with nearly 11 million accounts could disappear from a supposedly secure environment.
Follow TechBSB For More Updates
