Sumitomo Life Confirms Improper Data Acquisition by Seconded Staff; Target Set to Withdraw All Agency Secondees by March 2026
Sumitomo Life Insurance Company has released the findings of an internal investigation, confirming that employees seconded to independent insurance agencies engaged in the improper acquisition of sensitive business information.
The investigation, which spanned operations from April 2022 through October 2025, revealed that seconded staff transmitted proprietary data back to Sumitomo Life’s agency department using inappropriate channels, including personal smartphones and physical transfers of hard copies.
According to the report, the breach affected eight agencies and involved the unauthorized transfer of 780 distinct items of information. The leaked data primarily consisted of agency insurance sales records, performance evaluation criteria for sales personnel, and confidential product information regarding other life insurance companies.
Sumitomo Life stated that the information was subsequently shared among executives and staff within its agency department. The data was purportedly used to align operational support with agency strategies and to assist in managing sales personnel.
While the insurer’s probe found no evidence of organized directives from senior management to conduct these illicit activities, nor any evidence that the data was shared with third parties outside the company, the findings highlight significant governance lapses. The company attributed the root cause to a lack of proper management oversight and insufficient compliance education for seconded staff, noting that many employees acted on requests for information from internal departments or followed precedents set by predecessors under the guise of "effective support."
In response to the scandal and complying with revised regulatory supervisory guidelines regarding excessive corporate favors and secondments, Sumitomo Life has announced a sweeping overhaul of its compliance framework.
Key remedial measures include:
- Termination of Secondments: The company is accelerating the recall of seconded employees, targeting a complete withdrawal (zero seconded staff) by the end of March 2026.
- Device Recall & Monitoring: Immediate recovery of work PCs and smartphones from seconded staff, alongside a ban on using personal devices for business communications.
- Enhanced Surveillance: Implementation of stricter monitoring protocols for email and intranet usage by relevant officers and staff.
Sumitomo Life expressed deep regret to the affected agencies and stakeholders. The company emphasized that while the unauthorized data transfer occurred, inquiries with the affected agencies yielded no formal complaints regarding violations of the Unfair Competition Prevention Act.
Norbert Gehrke
