GMO Payment Gateway implements extra measures following data leakage
GMO Payment Gateway is establishing a “recurrence prevention committee”, following credit card data leakage from two of its customers’ websites.
Japanese provider of payment processing services GMO Payment Gateway Inc (TYO:3769) today reiterated its commitment to personal data safety, following a credit card data leakage that affected the websites of two of its clients – the Tokyo Metropolitan Government and the Japan Housing Finance Agency.
GMO Payment Gateway conducted a meeting of its Board of Directors earlier today, with the incident being the central topic of discussion. A decision has been made to establish a special committee (“recurrence prevention committee”) that will seek to prevent such incident from happening in the future.
The committee has 11 members, including several external experts from companies like TMI Associates – which (inter alia) offers corporate law, finance and risk management services. Another company to throw its weight behind the new committee is Payment Card Forensics, Inc., which investigates security incidents and offers consultation and assessment to prevent data breaches.
The committee will conduct tests to verify that the system is capable of withstanding future attacks and will further bolster safeguards using the expertise of internal and external experts.
The information leak was first detected on March 9, 2017 and GMP PG managed to implement a permanent fix on affected systems on March 10, 2017. The investigation has confirmed unauthorized access by a third party that has led to credit card data leakage from the Tokyo Metropolitan Government credit card payment site for metropolitan tax, as well as the credit card payment site for group life insurance rider of the Japan Housing Finance Agency.
The number of “units of information” that the internal investigation found had leaked through the Tokyo Metropolitan Government website is 676,290, including 614,629 email addresses, as well as 61,661 credit card numbers and credit card expiration dates.
The number of “units” of credit card information reportedly leaked from the Japan Housing Finance Agency is 43,540, including credit card numbers, credit card expiration dates, security codes, credit card payment registration dates, addresses, email addresses, names, phone numbers, as well as dates of birth and payment joining dates.