GMO Payment Gateway confirms data leakage from two client websites

Maria Nikolova

The personal information that leaked includes credit card numbers, expiration dates, email addresses, names, dates of birth, and phone numbers.

Information security is key in the financial industry but problems concerning maintaining personal data safe keep emerging. GMO Payment Gateway Inc (TYO:3769), the Japanese provider of payment processing services, has sought to apologize over personal data leakage that affected the websites of two of its clients – the Tokyo Metropolitan Government and the Japan Housing Finance Agency.

The problems, which were initially detected on March 9, 2017, affected the Tokyo Metropolitan Government credit card payment site for metropolitan tax, as well as the credit card payment site for group life insurance rider of the Japan Housing Finance Agency.

In an official statement, GMO Payment Gateway apologized to customers affected and provided details on what happened.

The number of “units of information” leaked through the Tokyo Metropolitan Government website is 676,290, including 614,629 email addresses, as well as 61,661 credit card numbers and credit card expiration dates.

The number of “units” of credit card information reportedly leaked from the Japan Housing Finance Agency is 43,540, including credit card numbers, credit card expiration dates, security codes, credit card payment registration dates, addresses, email addresses, names, phone numbers, as well as dates of birth and payment joining dates.

GMO Payment explains that it started its investigation into a possible information leak on March 9, 2017, following alerts concerning the security of Apache Struts 2. It looked into the possibility of unauthorized access at the same time. About six hours after it started investigating, it found unauthorized access traces and stopped all systems running with Apache Struts 2.

On March 10, 2017, GMO Payment Gateway applied a permanent fix to all related systems and, subsequently, determined the amount of information that was possibly affected by the external unauthorized access.

Regarding future action in response to the incident, GMO Payment Gateway notes that upon consulting with the companies impacted by the leakage, it will promptly implement necessary measures to protect all of the customers affected. On top of that, considering preventive measures, GMO Payment Gateway has commenced a new system investigation that will be conducted by an information security company. GMO PG will also cooperate with the police with relation to the investigation.

Read this next

Technology

TNS connects to Tel Aviv Stock Exchange (TASE) as market data vendor

“This latest exchange connection allows TNS to provide access to approved recipients, including exchange members and market data vendors. This project includes market data for TASE’s equities and increases the number of market data feeds we now offer globally.”

Executive Moves

Cowen Digital taps ex-Blockchain.com Taylor S. Cable to lead Europe and Asia operation

“Cowen Digital is a pioneer in delivering institutional grade access to the digital asset ecosystem and I am very excited to join the team at this pivotal time to grow our presence in Europe and Asia.”

Industry News

ASIC sues American Express Australia for lack of TMD on credit cards

“ASIC has now taken multiple actions under the design and distribution regime, including issuing over 20 interim stop orders. This regime turned a new page in the regulation of financial products in Australia and is intended to deliver better outcomes for consumers. It is a priority for ASIC to maximize these increased protections and see the long-term benefits of the DDO regime realized.”

Institutional FX

Eurex reports mixed volumes for November 2022

Deutsche Börse’s derivatives-focused exchange, Eurex today said its total traded derivatives contracts grew by 10 percent in November, from 68.6 million to 75.3 million compared to the same month last year.

Digital Assets

AAX’s Nigerian customers storm local office amid withdrawal halt

According to the Nigerian media, angry consumers of the troubled crypto exchange AAX had stormed its local office hoping they can get their money back after the firm halted operations earlier in November.

Digital Assets

As SPAC bubble bursts, Circle terminates its $9 billion merger with Concord

USDC stablecoin issuer, Circle has terminated its planned $9 billion SPAC merger with publicly traded blank-check company Concord Acquisition Corp.

Institutional FX

Integral reports lowest FX volume in two years

Foreign exchange trading volumes dropped in November across Integral’s trading platforms as currency markets saw a relatively quiet period after consecutive months of strong trading activity.

Technology

CDEX: Avelacom announces connectivity to Cboe Europe Derivatives

“We anticipate that many of our customers from Asia will be particularly interested in getting exposure to pan-European products via just one venue, which CEDX offers.”

Retail FX

BUX acquires Spanish Ninety Nine’s retail brokerage unit

“Thanks to this acquisition, Ninety Nine users will have access to a wide range of services provided by BUX, such as investing in Spanish, European and US stocks, ETFs, cryptocurrencies, fractional investing and the BUX Savings Plan.”

<