Nationwide, there were 3.08 million cases of confirmed or suspected cyberthefts involving the loss of personal information in 2017, a tally shows.
The tally, compiled by Kyodo News, is based on data covering security breaches at 82 entities last year comprising 76 companies, four administrative organizations and two universities. The tally was released Saturday.
The tally in 2015 was 2.07 million before shooting to 12.6 million in 2016 after the massive data leak at travel agency JTB Corp.
But the amount of damage from stolen credit card information hit an all-time high last year because such data was involved in 530,000 of the cyberthefts, or roughly a sixth of the total. In fact, the ¥17.6 billion ($166 million) in damage is roughly double the sum from 2016, according to the Japan Consumer Credit Association.
Yet these figures probably understate the extent of the problem, some experts say.
"There are entities that have yet to confirm data leaks or publicize them. It's natural to think that there are more cases of personal information leakage," said Harumichi Yuasa, a professor at the Institute of Information Security.
Companies handling private information need to have proper risk management systems in place, but some are suspected of using systems that they know are vulnerable, Yuasa added.
Eyeglass chain Jins Inc., which has stores around the country, experienced the largest data leak in 2017 after losing around 1.19 million of its customer's email addresses.
Tokyo Metropolitan Television Broadcasting Corp. was the target of the second-largest loss, around 370,000 cases, followed by the Tokyo Metropolitan Government with around 360,000 cases.
Of the 147,000 or so suspected personal data thefts at ticket company Pia Corp., around 39,000 involved credit card information.
There are also cases in which information on medical patients including names, telephone numbers and treatment details may have been leaked.