Pay cuts, apologies and cybersecurity improvements at GMO Pepabo after data leakage incident
The top managers of the business are accepting salary cuts of up to 30% in a move to show that they take such incidents seriously.
GMO Pepabo Inc (TYO:3633), a part of GMO Internet, has sought to tackle reputation damage caused by the latest cybersecurity incident that affected its services on January 7, 2018. In an announcement out earlier today, GMO Pepabo provided more information on how it plans to avoid recurrence of such incidents in the future.
The measures include the implementation of a special web application firewall (WAF) that is set to prevent intrusion into GMO Pepabo’s web applications. The company also plans to conduct regular audits, periodic vulnerability checks and penetration tests. Information security will be managed by a newly established department.
In addition, a special internal improvement committee has been formed in order to strengthen the governance system and corporate culture at the company. The management is taking its share of responsibility for the incident, with top-ranking officers, including GMO Pepabo’s President and Managing Director, accepting pay cuts of up to 30%.
The company has confirmed that it has identified the root cause of the incident but is not providing any information as the matter is sensitive.
Let’s recall that the incident in question occurred on January 7, 2018. The company detected unauthorized access that abused the function of the original application. As a result, the company found out that shop owners’ and buyers’ information possibly leaked out. GMO Pepabo shut down the operations affected in order to stop the execution of the malicious program.
In addition, the company conducted an in-house investigation to evaluate the size of damage caused. The company contacted the police and launched a forensic investigation with two security specialized agencies.
According to the forensic investigation results made available to the company on January 25, 2018, credit card data that leaked covers more than 11,000 cases. Other information, such as date of birth, addresses, etc, also leaked – the maximum number of cases affected is 77,385.