Security measures after information leakage cost GMO Payment Gateway $2.4 million
The company books JPY 270 million (USD 2.4 million) extraordinary loss for the second quarter of the fiscal year to September 30, 2017, because of the credit card information leak.

Information security is a money-sensitive issue for financial services firms, with the precise cost of an incident related to a data breach just determined by Japanese provider of payment processing services GMO Payment Gateway Inc (TYO:3769).
In its report for the second quarter of the fiscal year to September 30, 2017, the company said it incurred extraordinary losses of JPY 270 million (USD 2.4 million) during the period with relation to the incident from early March this year, which saw a third party gain unauthorized access to personal credit card data from the websites of two of GMO Payment Gateway’s partners – the Tokyo Metropolitan Government and the Japan Housing Finance Agency.
The losses reflect expenses for implementing various security measures after the incident. According to preliminary estimates, the number of “units of information” leaked through the Tokyo Metropolitan Government website is 676,290, comprising 614,629 email addresses, 61,661 credit card numbers and credit card expiration dates. The number of “units” of credit card information reportedly leaked from the Japan Housing Finance Agency is 43,540, with this number including credit card numbers, credit card expiration dates, security codes, credit card payment registration dates, addresses, email addresses, names, phone numbers, as well as dates of birth and payment joining dates. The numbers were subsequently revised to avoid doubling of information.
Following the incident, GMO Payment Gateway has published a number of reports to update its customers, partners and investors on the reasons for the leakage and its consequences. The company has formed a special “Recurrence prevention committee” to investigate the case and to help it implement measures to prevent such incidents from happening in the future. GMO Payment Gateway has also complied with a request by the Japanese Ministry of Economy, Trade and Industry (METI) and has submitted a special report into the case with the authorities.
In line with the business ethics in Japan, GMO Payment Gateway’s management has assumed responsibility for the incident, with three of the company’s Board Members to accept salary cuts.