Cyber Incident Victim: 秋葉山公園県民水泳場

Between January and February 2022, Akibayama Park Prefectural Swimming Pool ("Akibasan Pool") experienced a cybersecurity incident involving suspicious emails impersonating the facility. Customers reported receiving these fraudulent communications, prompting an internal investigation. The facility confirmed that a virus had compromised their systems, enabling unauthorized actors to send malicious emails to a subset of customers who had previously corresponded with the pool via email. No technical details regarding the virus's origin, propagation method, or payload were disclosed in public communications. The incident marked the first confirmed breach of customer communication channels at the facility, though operational systems like reservation platforms or payment processing appeared unaffected based on available announcements.

On November 2, 2022, Akibasan Pool publicly disclosed a recurrence of the same email impersonation scheme, confirming that attackers again leveraged compromised systems to send fraudulent messages to customers. The facility reiterated that the attack vector remained consistent with the January-February incident, involving virus-enabled unauthorized email distribution. Both incidents caused reputational damage and operational disruptions, as evidenced by the facility's public apologies acknowledging the "significant trouble and worry" inflicted upon customers and stakeholders. No customer data theft, financial losses, or secondary attacks were explicitly reported. Response actions were limited to incident acknowledgment, customer notifications via the facility's website, and apologies. The pool did not publish details regarding virus eradication measures, system hardening, customer compensation, or coordination with law enforcement.