Another of GMO Internet’s businesses – GMO Pepabo, confirms data leakage
The online shopping business operated by the company may have leaked information from more than 11,000 credit cards.
Shortly after GMO Payment Gateway Inc (TYO:3769) sought to assert that it had implemented all measures in order to avoid repetition of the data leakage incident from March 2017, another of GMO Internet’s businesses – GMO Pepabo Inc (TYO:3633), has confirmed that its services had been affected by a malicious program.
GMO Pepabo, which provides a variety of Internet-based services, has published the results of an external forensic investigation into an incident that affected its online shopping business on January 7, 2018.
On January 7, 2018, the company detected unauthorized access that abused the function of the original application. As a result, the company found out that shop owners’ and buyers’ information possibly leaked out. GMO Pepabo shut down the operations affected in order to stop the execution of the malicious program.
In addition, the company conducted an in-house investigation to evaluate the size of damage caused. The company contacted the police and launched a forensic investigation with two security specialized agencies.
According to the forensic investigation results made available to the company on January 25, 2018, credit card data that leaked covers more than 11,000 cases. Other information, such as date of birth, addresses, etc, also leaked – the maximum number of cases affected is 77,385.
At a meeting on January 26, 2018, the company established a Recurrence Prevention Committee. The aim is to avoid the repetition of the incident.
Last week, another of GMO Internet’s businesses – GMO Payment Gateway, announced that it had implemented all measures in order to avoid repetition of the data leakage incident from March 2017. That data leakage hit two of the company’s client websites – those of the Tokyo Metropolitan Government and the Japan Housing Finance Agency. According to preliminary estimates (which were revised afterwards, with regards to “doubling of information”), the number of “units of information” leaked through the Tokyo Metropolitan Government website was 676,290, including 614,629 email addresses, as well as 61,661 credit card numbers and credit card expiration dates. The number of “units” of credit card information reportedly leaked from the Japan Housing Finance Agency was 43,540.