Tokyo Metropolitan Government has confirmed the safety of the credit card payment site more than a month after a data leakage led to its closure.
The Tokyo Metropolitan Government is finally on its way to recovery from the data leak that affected its credit card payment site for metropolitan tax more than a month ago. The Tax Office of the government has announced the pending restart of the affected website, with the relaunch scheduled for April 24, 2017.
The work of the website was halted on March 10, 2017, following an announcement by GMO Payment Gateway Inc (TYO:3769), the Japanese provider of payment processing services, about unauthorized access to two websites of the Tokyo Metropolitan Government and the Japan Housing Finance Agency. Initial numbers (which were afterwards revised) have shown that the amount of “units of information” leaked through the Tokyo Metropolitan Government website is 676,290, including 614,629 email addresses, as well as 61,661 credit card numbers and credit card expiration dates.
In its announcement about the pending relaunch of the website, the government explains that its team has been working on detailed investigation and examination of countermeasures since the incident was first reported. Following improvement of security and taking steps to prevent reoccurrence at the contract company, Tokyo Metropolitan Government has confirmed the safety of the website.
GMO PG started its investigation into a possible information leak on March 9, 2017, following alerts concerning the security of Apache Struts 2. It examined the possibility of unauthorized access at the same time. About six hours after it started investigating, it found unauthorized access traces and stopped all systems running with Apache Struts 2.
Regarding the credit card payment website for group life insurance rider of the Japan Housing Finance Agency, which was also halted as a result of the security breach, there is still no information about its relaunch. Yesterday, April 19, 2017, the Japan Housing Finance Agency published an update into the matter, but it concerned the volume of data leaked and the mail the company had sent with instructions on future payments.