MyNumber Portal Privacy Protection Guide 2026 | Safe Use of Health Insurance, Tax, and Pension Data
Overview
As of 2026, Japan's MyNumber Card adoption rate has reached approximately 87% (about 109 million people). According to the Digital Agency's "MyNumber Portal Usage Trends 2025," usage for health insurance linkage, pension record checks, tax filing, and resident certificate issuance is surging. MyNumber Portal provides integrated access to a wide range of government services including: (1) use as a health insurance card (presented at medical institutions), (2) tax information (tax returns, withholding slips), (3) pension records (old-age, disability, survivor pensions), (4) childcare-related procedures, and (5) online acquisition of resident certificates and seal registration certificates. At the same time, the centralization of large volumes of sensitive information has made new privacy threats apparent: (1) the scope of damage in the event of unauthorized access is extremely broad, (2) phishing fraud via fake MyNumber Portal sites is rapidly increasing, and (3) risk in the event of smartphone loss.
This article presents a comprehensive protection strategy for MyNumber Card holders as of June 2026, combining practical privacy protection for MyNumber Portal with SecureSS VPN usage. It covers safe operation across three pillars — health insurance linkage, tax information, and pension records — as well as phishing countermeasures, proxy access management for family members, and emergency response protocols. This is practical content directly relevant to the safe operation of government data for MyNumber Portal users, those currently handling tax returns, supporters of elderly family members, and proxy agents for administrative procedures.
Why Security Matters Today
Privacy protection for MyNumber Portal directly reduces practical risk in the following five scenarios. These are drawn from cases published by the Digital Agency, Personal Information Protection Commission, and National Consumer Affairs Center in 2025-2026.
- Credential leakage and unauthorized access damage from phishing fraud via fake MyNumber Portal sites
- Risk of unintended third-party access to health insurance-linked medical data and medical history
- Theft of income and asset information through unauthorized acquisition of tax return data and tax information
- Establishment of a basis for fraud against the elderly and bereaved through unauthorized reference to pension records and survivor pension information
- Risk of full information access via MyNumber Card and PIN in the event of smartphone loss or theft
SecureSS's Shadowsocks-based VPN fully encrypts all communications when using MyNumber Portal, providing complete protection against interception of credentials and session information over untrusted networks such as public Wi-Fi, cafes, and co-working spaces. Combined with DNS-based blocking of fake sites impersonating MyNumber Portal, this provides multi-layered defense. This article presents comprehensive protection combining SecureSS with administrative procedure operating rules.
How to Approach It
Step 1: Review Basic Security Settings for MyNumber Portal
Review of MyNumber Portal basic security settings is organized in five stages. Stage 1 is "Confirming Login Authentication Method": (1) MyNumber Card + PIN (traditional method, highest security), (2) smartphone digital certificate (2024 onward, high convenience), (3) password + SMS two-factor (emergency only), (4) PIN configuration check, and (5) periodic review of login history. Stage 2 is "Physical Management of MyNumber Card": (1) secure storage in wallet or card case, (2) keeping PIN notes separate (stored in a different location), (3) family sharing of emergency contact for lost cards (MyNumber General Free Dial 0120-95-0178), (4) careful handling when traveling, and (5) periodic PIN updates (recommended every 3 years). Stage 3 is "Management of Smartphone Digital Certificate": (1) strengthening smartphone lock settings (6+ alphanumeric/symbol characters), (2) understanding procedures for immediate invalidation when smartphone is lost, (3) periodic updates of digital certificate PIN, (4) deletion from old device when changing smartphones, and (5) prohibition of proxy use by family members. Stage 4 is "Management of Health Insurance Linkage": (1) confirming linkage enabled/disabled status, (2) monthly review of usage history at medical institutions, (3) early detection of abnormal medical institution access, (4) careful review of notifications from health insurance association, and (5) information updates upon relocation or job change. Stage 5 is "Management of Public Fund Receipt Account": (1) periodic confirmation of registered account, (2) immediate update when bank account changes, (3) consolidation when holding multiple accounts, (4) notification settings for public fund receipt, and (5) immediate confirmation of abnormal deposits or withdrawals. These five stages of basic settings review will significantly improve the security of MyNumber Portal.
Step 2: How to Identify MyNumber Portal-Related Phishing Fraud
The five major patterns of MyNumber Portal-related phishing fraud are organized by identification criteria and countermeasures. Pattern 1 is "Impersonation of MyNumber Portal Itself": typical examples include "[MyNumber Portal] Unauthorized access detected, re-authentication required [fake URL]" and "[MyNumber Card] Emergency update procedure [fake URL]." Identification criteria: (1) only the official URL "myna.go.jp" is legitimate, (2) any other domain (MyNumber Portal + other characters) is fake, (3) never tap links in SMS or email, (4) access only by launching the official app or searching independently, and (5) when in doubt, call the MyNumber General Free Dial (0120-95-0178). Pattern 2 is "Impersonation of Health Insurance Linkage": typical examples include "[Ministry of Health, Labour and Welfare] Confirmation of medical expense deduction data [fake URL]" and "Health insurance card renewal procedure [fake URL]." Identification criteria: (1) official URL is "mhlw.go.jp," (2) any request to re-enter personal or account information is definitely fraud, (3) direct phone confirmation with health insurance association, (4) independent confirmation via MyNumber Portal, and (5) consultation with family medical professionals. Pattern 3 is "Impersonation of Tax Office / Tax Return": typical examples include "[National Tax Agency] Additional data submission for tax return [fake URL]" and "[e-Tax] Refund receipt procedure [fake URL]." Identification criteria: (1) official URLs are "nta.go.jp" and "e-tax.nta.go.jp," (2) tax payments are made only by bank transfer, convenience store, or credit card — electronic money or cryptocurrency payments are not available, (3) any demand for immediate action is fraud, (4) direct phone call to the local tax office, and (5) consultation with a tax accountant. Pattern 4 is "Impersonation of Pension Agency": typical examples include "[Japan Pension Service] Pension record confirmation procedure [fake URL]" and "New application notice for survivor pension [fake URL]." Identification criteria: (1) official URL is "nenkin.go.jp," (2) the Pension Service basically uses postal notifications, (3) any request to re-enter personal or banking information is fraud, (4) confirmation via the Nenkin Dial (0570-05-1165), and (5) consultation with family or a social insurance labor consultant. Pattern 5 is "Impersonation of Local Government / Resident Certificate": typical examples include "[XX Ward Office] Resident certificate data confirmation procedure [fake URL]" and "MyNumber Card pick-up procedure [fake URL]." Identification criteria: (1) each municipality's official domain ("city.XX.lg.jp," "pref.XX.lg.jp," etc.), (2) resident certificate issuance is via MyNumber Portal or in-person at city hall, (3) any request to re-enter personal information is fraud, (4) direct phone call to city hall, and (5) consultation with family or an administrative scrivener. These five pattern identification criteria will significantly reduce phishing damage related to MyNumber Portal.
Step 3: Using SecureSS and Managing Family / Proxy Operations
SecureSS usage and family/proxy operations are organized into five components. Component 1 is "Mandatory VPN for MyNumber Portal Use": enable SecureSS "Auto-Connect" and "Kill Switch" to fully encrypt all MyNumber Portal communications over home Wi-Fi, public Wi-Fi, and mobile networks. This provides complete protection against interception of health information, tax information, and pension information communications. Component 2 is "DNS Blocking of Fake MyNumber Portal Sites": using SecureSS "Secure DNS" to block (1) fake sites impersonating MyNumber Portal, (2) fake sites impersonating the Ministry of Health, Labour and Welfare and National Tax Agency, (3) fake sites impersonating local governments, and (4) entry points for phishing via SMS and email. Component 3 is "Proxy Access Management for Family Members": (1) mandatory presence of the person when supporting elderly parents, (2) keeping records of proxy logins, (3) special management for children who hold MyNumber Cards, (4) not sharing PINs between family members, and (5) preparing emergency proxy access procedures. Component 4 is "Immediate Response to Smartphone Loss or Theft": sharing with family the procedures for (1) immediate call to MyNumber General Free Dial (0120-95-0178), (2) immediate invalidation of smartphone digital certificate, (3) remote wipe via Apple Find My / Google Find My, (4) suspension of bank and card usage, and (5) filing a lost/stolen report with police. Component 5 is "Regular Review of Usage History": (1) monthly review of MyNumber Portal usage history, (2) monthly review of health insurance card usage history, (3) annual review of pension records, (4) confirmation of public fund receipt account, and (5) immediate action when anomalies are detected. SecureSS's monthly plan at 500 yen/month and family plan at 1,500 yen/month are economical investments that support ongoing protection of government service usage including MyNumber Portal. The combination of these five components enables the long-term safe operation of MyNumber Portal.
Summary
Q: What is the top priority action when a MyNumber Card is lost?
A: When a MyNumber Card is lost, take the following 5 steps within 30 minutes. Step 1: Call the MyNumber General Free Dial (0120-95-0178), available 24 hours, to request suspension. Step 2: File a lost property report with the police to establish a contact route if found. Step 3: Contact your local municipal office to begin the reissuance procedure. Step 4: Notify your bank and credit card companies simultaneously to protect your public fund receipt account and others. Step 5: Inform family and relevant parties to establish a communication network for fraud prevention. Reissuance typically takes 1-2 months; during that time, the traditional health insurance card may be needed at medical institutions. It is important to prepare and share an emergency procedure document with your family in advance.
Q: Which is safer — using the smartphone digital certificate or the physical card?
A: The relative safety depends on the usage scenario. Benefits of the physical card: (1) independence from smartphones, (2) cannot be used without the PIN even if the card is stolen, and (3) long track record of reliable use. Benefits of the smartphone digital certificate: (1) convenience of not needing to carry the card, (2) multi-factor authentication via smartphone lock, and (3) immediate invalidation when lost. The practical recommendation is to use them according to the situation: (1) everyday small-scale procedures (resident certificate, tax confirmation, etc.) → smartphone digital certificate; (2) important procedures (pension records, large refund applications, etc.) → physical card + in-person procedure; and (3) overseas use → bring the physical card. Using both in combination is the most practical approach, with the choice balancing safety and convenience according to the situation.
Q: What should I be careful about when supporting elderly parents' use of MyNumber Portal as a family?
A: Five points to note when supporting elderly parents in using MyNumber Portal. Point 1: "Presence of the person is mandatory" — even when a family member operates on their behalf, it must be done with the person's understanding and consent; unauthorized access is also legally problematic. Point 2: "Do not share PINs" — even among family, only the person themselves should know the PIN; if a memo is shared, the person should keep it. Point 3: "Regular usage confirmation" — review monthly usage history together with the person and family for early anomaly detection. Point 4: "Advance education about phishing fraud" — share the latest fraud patterns monthly with the person to maintain basic knowledge for independent judgment. Point 5: "Emergency response procedures" — write down contact information and procedures for lost cards and fraud incidents on paper and share with the person and family. It is important to build a family support structure while respecting the person's independence.
MyNumber Portal use in 2026 requires three layers — authentication management, phishing countermeasures, and proxy operations — for safe operation of personal information and government data. SecureSS's Shadowsocks-based VPN provides communication protection when using government services such as MyNumber Portal at 500 yen/month or 1,500 yen/month for the family plan. During the 5-day free trial period, you can experience the protection of government data communications in your own environment.