External experts confirm data leakage from GMO Payment Gateway clients’ websites
Payment Card Forensics say no other websites were affected apart from the two initially reported to have suffered data breaches.
About three weeks have passed since Japanese provider of payment processing services GMO Payment Gateway Inc (TYO:3769) admitted that it had detected a data leakage from two of the websites of its clients. The data leakage had reportedly affected the websites of the Tokyo Metropolitan Government and the Japan Housing Finance Agency.
Today, one of the companies hired by GMO PG to investigate the leakage – Payment Card Forensics, Inc., published an update on the progress of the investigation conducted by the external experts.
Putting it briefly, Payment Card Forensics’ team agrees with the findings of GMO Payment Gateway’s report into the case. The Payment Card Forensics’ report makes the following three points:
- Illegal access to the Tokyo Metropolitan Government credit card payment site for metropolitan tax was confirmed. The data leakage on March 10, 2017, concerned credit card numbers, expiration dates, mail addresses.
- Illegal access to credit card payment site for group life insurance rider of the Japan Housing Finance Agency was confirmed. The data leakage on March 10, 2017, affected information such as credit card payment registration dates, security codes, etc.
- Unauthorized access was not confirmed for any other website apart from the two websites just mentioned.
Payment Card Forensics was amid the external experts hired by GMO Payment Gateway to help it investigate the incident and take pre-emptive measures so that such data breaches do not happen in the future. Payment Card Forensics is one of the members of the “Recurrence Prevention Committee” formed on March 14, 2017.
The websites affected by the data leakage are still struggling to tackle the consequences of the incident. For instance, on March 29, 2017, the Japan Housing Finance Agency published an update on its website concerning the incident, informing customers that they will be mailed a special guide on what to do with regards to the data breach. The customers were asked to confirm any payments made, the payment procedure used, the receipt of the guide itself, etc.
The days following the data breach saw numerous fraudulent attempts to acquire more information from affected customers, as they have been contacted by scammers presenting themselves as representatives of GMO Payment Gateway, the Japan Housing Finance Agency and the Tokyo Metropolitan Government, offering people to “help them in the aftermath of the incident” and asking for personal details and card data.