GMO Payment Gateway confirms data leakage from two client websites

Maria Nikolova

The personal information that leaked includes credit card numbers, expiration dates, email addresses, names, dates of birth, and phone numbers.

Information security is key in the financial industry but problems concerning maintaining personal data safe keep emerging. GMO Payment Gateway Inc (TYO:3769), the Japanese provider of payment processing services, has sought to apologize over personal data leakage that affected the websites of two of its clients – the Tokyo Metropolitan Government and the Japan Housing Finance Agency.

The problems, which were initially detected on March 9, 2017, affected the Tokyo Metropolitan Government credit card payment site for metropolitan tax, as well as the credit card payment site for group life insurance rider of the Japan Housing Finance Agency.

In an official statement, GMO Payment Gateway apologized to customers affected and provided details on what happened.

The number of “units of information” leaked through the Tokyo Metropolitan Government website is 676,290, including 614,629 email addresses, as well as 61,661 credit card numbers and credit card expiration dates.

The number of “units” of credit card information reportedly leaked from the Japan Housing Finance Agency is 43,540, including credit card numbers, credit card expiration dates, security codes, credit card payment registration dates, addresses, email addresses, names, phone numbers, as well as dates of birth and payment joining dates.

GMO Payment explains that it started its investigation into a possible information leak on March 9, 2017, following alerts concerning the security of Apache Struts 2. It looked into the possibility of unauthorized access at the same time. About six hours after it started investigating, it found unauthorized access traces and stopped all systems running with Apache Struts 2.

On March 10, 2017, GMO Payment Gateway applied a permanent fix to all related systems and, subsequently, determined the amount of information that was possibly affected by the external unauthorized access.

Regarding future action in response to the incident, GMO Payment Gateway notes that upon consulting with the companies impacted by the leakage, it will promptly implement necessary measures to protect all of the customers affected. On top of that, considering preventive measures, GMO Payment Gateway has commenced a new system investigation that will be conducted by an information security company. GMO PG will also cooperate with the police with relation to the investigation.

Read this next

Institutional FX

Integral also grapple with weak FX volumes in December

Foreign exchange trading volumes dropped in December across Integral’s trading platforms as many traders were away on annual leave and currency markets saw a relatively quiet period. December volumes outpaced those of last year, though turnover is still down month-over-month.

Digital Assets

BitMEX to turn German bank into regulated crypto products powerhouse in Europe

The historic German bank is already a leader in the application of blockchain technology and offers a range of digital assets banking services, including custody, tokenization, efficient payment transactions, and regulatory secure market access.

Industry News

CryptoUK appoints Teana Baker-Taylor as non-executive director

“CryptoUK is moving the needle on policy and regulatory framework development to ultimately build trust and protect all participants, from retail investors to the crypto industry players”

Retail FX

Skilling raises €10m to expand brokerage further after triple-digit growth in 2021

“This fundraising round represents the beginning of the next phase of Skilling’s growth as we further assert ourselves in the fintech industry”

Industry News

oneZero adds two more FX veterans, Indu Maheshwari and Kevin Verardi

The news of Indu and Kevin’s appointments comes a month after Jim Sullivan was announced as the company’s General Counsel, where he will be responsible for the company’s global legal function, based in New York.

Technology

Pareto Securities goes live with Broadridge’s OMS for low and high touch agency trading

The solution combines order management, market connectivity and smart order router (SOR) components developed by Itiviti, which was acquired by Broadridge last year in a $2.5 billion deal.

Retail FX

INGOT Brokers taps Acquity and Signal Centre for MT4/5 EAs and news analytics

INGOT Brokers is helping traders cut through the noise and get a clearer picture of the emerging market trends as well as better spot trading opportunities with AI-powered signals.

Digital Assets

Can the Ripple lawsuit be traded with Wrapped XRP to circumvent XRP delisting in US?

wXRP is a derivative product that is pegged to the digital asset that the SEC claims to be a security in what has been dubbed “the cryptocurrency lawsuit of the century”.

Digital Assets

e-CNY wallet downloads swell, but actual usage disappoints

China’s central bank has released a wallet app for payments and money transfers using the digital yuan earlier this month. Although the e-CNY wallet was the most downloaded app in January, but according to a Reuters report the actual use in transactions has been far less impressive.

<