GMO Payment Gateway submits report with Japan’s Ministry of Economy, Trade and Industry over data leakage
More than a month after the incident, the investigation continues with GMO Payment Gateway having filed a report into the case with the Japan’s Ministry of Economy, Trade and Industry.
More than a month has passed since Japanese provider of payment processing services GMO Payment Gateway Inc (TYO:3769) confirmed that personal data leakage that had affected the websites of two of its clients – the Tokyo Metropolitan Government and the Japan Housing Finance Agency.
The issue was so severe that it has sparked concerns of such government institutions like Japan’s Ministry of Economy, Trade and Industry (METI) which has referred to the Act on the Protection of Personal Information to demand a special report from GMO PG into the data leakage.
GMO Payment Gateway filed the report on Monday, April 17, 2017. The METI requests that the report contains details on the handling and management of personal information, on the progress of investigations, as well as on measures implemented to prevent the recurrence of the harmful situation.
At the end of last week, GMO Payment Gateway updated the numbers for the data leaked, referring to “doubling of information”.
According to the initial assessments, the number of “units of information” leaked through the Tokyo Metropolitan Government website was 676,290, including 614,629 email addresses, as well as 61,661 credit card numbers and credit card expiration dates. The number of “units” of credit card information reportedly leaked from the Japan Housing Finance Agency was 43,540, including credit card numbers, credit card expiration dates, security codes, credit card payment registration dates, addresses, email addresses, names, phone numbers, as well as dates of birth and payment joining dates. The revised data lowers the numbers nearly two times.
Shortly after GMO Payment Gateway confirmed the data leak, it announced the establishment of a “Recurrence prevention committee”, which has 11 members, including several external experts from companies like TMI Associates and Payment Card Forensics, Inc. The latter investigates security incidents and offers consultation and assessment to prevent data breaches.
Early in April, Payment Card Forensics published their report into the leakage, confirming findings of GMO Payment Gateway’s internal investigation into the matter. The external experts said unauthorized access was not confirmed for any other website apart from the two websites initially reported to have been affected.