Mie Prefecture Bans Personal USB Drives After Malware Found on Nearly 50 Devices

Published
Written by:
Lore Apostol
Lore Apostol
Cybersecurity Writer
Key Takeaways
  • Ban imposed: Mie Prefecture (三重県) banned personal USB drives at prefectural government offices after a malware discovery.
  • Malware found: Close to 50 USB drives across over 35 departments were infected, out of more than 10,000 devices inspected.
  • Personal devices: Almost 15 of the infected drives were employees' personal property, some of which were used without supervisor authorization.

Mie Prefecture has banned the use of personal USB drives at its prefectural government offices after malware was detected on dozens of devices used across administrative departments. The prefecture examined 10,757 USB drives across 322 departments, including prefectural offices, public health centers, and prefectural schools, in an inspection running from June 26 to July 6, 2026. 

Investigators found malware on 47 drives spread across 37 departments. Of these, 29 drives across 27 departments contained malware traced to old email data preserved during a 2023 email system migration, while 18 drives across 12 departments were contaminated through use on external terminals. 

Self-propagating Infostealer Malware

Of the 47 infected drives, 14 were employees' personal property. Until now, staff had been permitted to use their own USB drives at work provided they obtained approval from a supervisor. The permission has now been revoked entirely, closing a gap that let unmanaged, potentially compromised hardware connect to official systems. Yet, four of the drives were reportedly in use without that authorization.

Breakdown of USB drives that detected malware by their category | Source: ITmedia
Breakdown of USB drives that detected malware by their category | Source: ITmedia

The prefecture said the malware was found dormant and that no data leakage or infection has been confirmed, noting that its systems block automatic execution from USB drives and use real-time scanning as an additional safeguard. The malware was described as self-propagating and infostealer/spyware types, both characterized as classic variants. 

The cause of this incident was attributed to a failure to thoroughly scan for viruses each time a USB memory stick was used. 

A National Security Incident Cascading Into Local Government Reform

The inspection was launched after June reports that Japan's Ground Self-Defense Force (JGSDF) had used a malware-infected USB drive connected to a secure network for approximately a year without detection, prompting Mie to conduct its own emergency review. An investigation of devices used by teachers at 11 prefectural schools is ongoing.

Governor Ikken announced the ban and set out plans to strengthen the prefecture's defenses, including introducing software capable of performing automatic virus checks. Takashi Inaba, head of the prefecture's Digital Promotion Bureau, said at a July 7 press conference that although no damage occurred, the malware should have been detected via routine virus checks.

The prefecture also plans to reduce the total number of USB drives in circulation, tighten device registration and management, conduct staff training on virus-check procedures, and install dedicated terminals to inspect USB drives received from outside sources. A September 2025 report warned that identity attacks and USB malware were on the rise. 


For a better user experience we recommend using a more modern browser. We support the latest version of the following browsers: For a better user experience we recommend using the latest version of the following browsers: