External experts confirm data leakage from GMO Payment Gateway clients’ websites

Maria Nikolova

Payment Card Forensics say no other websites were affected apart from the two initially reported to have suffered data breaches.

Binarystation launches enterprise solution and provides source code to brokers

About three weeks have passed since Japanese provider of payment processing services GMO Payment Gateway Inc (TYO:3769) admitted that it had detected a data leakage from two of the websites of its clients. The data leakage had reportedly affected the websites of the Tokyo Metropolitan Government and the Japan Housing Finance Agency.

Today, one of the companies hired by GMO PG to investigate the leakage – Payment Card Forensics, Inc., published an update on the progress of the investigation conducted by the external experts.

Putting it briefly, Payment Card Forensics’ team agrees with the findings of GMO Payment Gateway’s report into the case. The Payment Card Forensics’ report makes the following three points:

  • Illegal access to the Tokyo Metropolitan Government credit card payment site for metropolitan tax was confirmed. The data leakage on March 10, 2017, concerned credit card numbers, expiration dates, mail addresses.
  • Illegal access to credit card payment site for group life insurance rider of the Japan Housing Finance Agency was confirmed. The data leakage on March 10, 2017, affected information such as credit card payment registration dates, security codes, etc.
  • Unauthorized access was not confirmed for any other website apart from the two websites just mentioned.

Payment Card Forensics was amid the external experts hired by GMO Payment Gateway to help it investigate the incident and take pre-emptive measures so that such data breaches do not happen in the future. Payment Card Forensics is one of the members of the “Recurrence Prevention Committee” formed on March 14, 2017.

The websites affected by the data leakage are still struggling to tackle the consequences of the incident. For instance, on March 29, 2017, the Japan Housing Finance Agency published an update on its website concerning the incident, informing customers that they will be mailed a special guide on what to do with regards to the data breach. The customers were asked to confirm any payments made, the payment procedure used, the receipt of the guide itself, etc.

The days following the data breach saw numerous fraudulent attempts to acquire more information from affected customers, as they have been contacted by scammers presenting themselves as representatives of GMO Payment Gateway, the Japan Housing Finance Agency and the Tokyo Metropolitan Government, offering people to “help them in the aftermath of the incident” and asking for personal details and card data.

Read this next

Institutional FX

Euronext reports double-digit growth in FX volume

Pan-European exchange, Euronext has reported a 10 percent rebound in the average daily volume on its spot foreign exchange market. The ADV figure stood at $19.6 billion in January 2022, which is up from December’s $18 billion.

Digital Assets

Voyager subpoenas FTX’s inner circle over Alameda loan

Bankrupt crypto broker Voyager Digital, represented by law firm Kirkland & Ellis, is seeking court approval to subpoena Sam Bankman-Fried’s inner circle, as well as Alameda Research’s former executives.

Retail FX

AvaTrade seals sponsorship deal with F1’s Aston Martin team

Dublin-based forex broker AvaTrade today announced that it has concluded a sponsorship deal with Formula One’s Aston Martin Cognizant team that entails sponsorship rights and other marketing benefits.

Executive Moves

M4Markets onboards Invaxa CEO Marios Antoniou as COO

Seychelles-regulated brokerage firm M4Markets has appointed Marios Antoniou, who has a colorful career within the foreign exchange industry, in the capacity of its Chief Operations Officer.

Digital Assets

GK8 now allows clients to control their digital assets as they would their fiat

“As the institutional market is increasingly turning to self custody, our policy engine empowers them to automate transactions, approvals, and even crucial workflows, while providing the highest degree of security, consistency, governance and control.”

Digital Assets

Retail CBDCs in the UK: “Welcomed” by CryptoUK and R3, but “Dystopian” for ETC Group

“At this stage, we judge it likely that the digital pound will be needed in the future. It is too early to decide whether to introduce the digital pound, but we are convinced preparatory work is justified”, said the BoE and HM Treasury.

Institutional FX

Centroid taps Iress API to provide retail brokers with real-time market data

“It has always been a challenge to have an efficient, elegant solution for market data and order execution for retail brokers, but with Iress we have found absolutely the right partner to add to our client offering.”

Digital Assets

Ramp launches FCA-approved off-ramp product, onboards Brave, Trust Wallet, Ledger

“To obtain and maintain our FCA registration, we must meet and operate within their strict anti-money laundering and counter-terrorist financing standards. This is a huge achievement for us, as compliance is a cornerstone of our business and what we stand for.”

Institutional FX

State Street launches FIX API for Fund Connect ETF platform

“Expanding from proprietary APIs to the FIX industry standard will bring us closer to our goal of 100% digital interactions. This is another example of innovations we’ve brought to our operating model as we celebrate 30 years of servicing ETFs since the launch of SPY.”