Jp: Two Salesforce incidents reportedly shut down online vaccination reservation systems, exposed other personal info

Updated May 18:  See the Salesforce statement issued May 17 that says confirming that there was no data loss or breach involving the first incident described below.

Yomiuri Shimbun reports:

A failure in a cloud computing system provided by U.S.-based IT company Inc. paralyzed COVID-19 vaccination reservation systems operated by local governments across Japan on Wednesday.


In another issue regarding services provided by Salesforce, it has been found that personal information stored by dozens of municipalities and companies in Japan could have been viewed by unauthorized third parties since the end of last year. The National center of Incident readiness and Strategy for Cybersecurity (NISC) has called for caution, warning that the risk of information leaks could increase.

Read more on The Japan News.

Salesforce San Francisco
IMAGE: Andreistanescu|Dreamstime

Salesforce did not respond to an  inquiry sent via e-mail yesterday asking if the vaccination-related incident was the result of a cyberattack or from other causes, but news coverage by The Register suggests that it was a DNS issue, citing a statement by the firm:

The team determined the root cause was related to the implementation of an emergency fix that triggered a software issue and caused a DNS network incident. To resolve the issue, the team manually restored DNS service on a data center by data center basis until normal service levels were restored.

Because Salesforce did not respond to the inquiry, we do not yet have an answer to the question about the second incident mentioned in the news report — as to whether Salesforce had actually been responsible for the security of the personal information that was disclosed.

This post will be updated if a reply is received.


About the author: Dissent

2 comments to “Jp: Two Salesforce incidents reportedly shut down online vaccination reservation systems, exposed other personal info”

You can leave a reply or Trackback this post.
  1. Marcelo - May 18, 2021

    Here is the official report about the incident “Multi-Instance Service Disruption on May 11-12, 2021”
    @Dissent, adjust the article, there was no data breach.

    • Dissent - May 18, 2021

      Thank you. That confirms no data loss for the first incident and I’ve noted that now, but I don’t see anything about the second incident that involved alleged exposure beginning last year. If you see anything on that, please send it along.

Comments are closed.