Websites affected by GMO Payment Gateway data leakage seek to handle consequences

Maria Nikolova

More than two weeks after the detection of the credit card information leakage, websites affected by the breach continue to deal with the consequences.

The full scale of the credit card information from the websites of two of the clients of GMO Payment Gateway Inc (TYO:3769), the Japanese provider of payment processing services, has yet to be estimated.

The leak, which happened more than two weeks ago, has affected the credit card payment site for metropolitan tax of the Tokyo Metropolitan Government and the credit card payment site for group life insurance rider of the Japan Housing Finance Agency.

According to preliminary estimates, the number of “units of information” leaked through the Tokyo Metropolitan Government website is 676,290, including 614,629 email addresses, along with 61,661 credit card numbers and credit card expiration dates. The number of “units” of credit card information reportedly leaked from the Japan Housing Finance Agency is 43,540, including credit card numbers, credit card expiration dates, security codes, credit card payment registration dates, addresses, email addresses, names, phone numbers, as well as dates of birth and payment joining dates.

The GMO Payment Gateway’s clients affected by the leak have been issuing regular updates to clients, accompanied by apologies. Today, the Japan Housing Finance Agency published another update on its website concerning the incident – it informs customers that they will be mailed a special guide on what to do with regards to the data breach. The customers will have to confirm any payments made, the payment procedure used, the receipt of the guide itself, etc.

In a previous update, the Japan Housing Finance Agency has asked customers to pay special attention to any unconfirmed transactions made through their credit cards, as well as to any charges. The Agency also urged caution with regards to suspicious phone calls and emails from people presenting themselves as employees of the Agency or GMO Payment Gateway and asking customers to provide credit card data.

GMO Payment began its investigation into a possible information leak on March 9, 2017, following alerts concerning the security of Apache Struts 2. It examined the possibility of unauthorized access at the same time. About six hours after the start of the investigation, it found unauthorized access traces and stopped all systems running with Apache Struts 2.

On March 14, 2017, GMO Payment Gateway announced the establishment of “Recurrence Prevention Committee”, which seeks to perform inspection of the systems affected and to plan and implement measures to prevent any future data breaches.

Read this next

Digital Assets

Valkyrie pulls back on Ether futures merge with Bitcoin ETF

Valkyrie Funds LLC will suspend the purchase of Ether (ETH) futures contracts for its Valkyrie Bitcoin and Ether Strategy ETF (BTF.O). Additionally, the firm will unwind any positions in Ethereum that it has already acquired.  

Digital Assets

Hong Kong police arrest 18 in $1.5B billion JPEX fraud

The investigation into the JPEX crypto exchange scandal continues to unfold as Hong Kong and Macau police arrest four more individuals. These arrests, which include individuals considered “relatively close to the core” of the scandal, bring the total number of detentions to 18.

Digital Assets

Gemini tells Dutch users to withdraw assets by November 17

Gemini, the cryptocurrency exchange founded by Cameron and Tyler Winklevoss, announced that it will cease providing services to customers in the Netherlands, citing regulatory requirements imposed by the country’s central bank.

Digital Assets

SEC puts BlackRock, Valkyrie, and Bitwise Bitcoin ETFs on hold

The U.S. Securities and Exchange Commission has delayed its decisions on several bitcoin exchange-traded fund (ETF) proposals, leaving many in the crypto industry feeling pessimistic for any future blessing from the agency.

Digital Assets

Ripple backs out of Fortress Trust acquisition

Ripple has decided to cancel its planned acquisition of Fortress Trust, a custodian company, less than a month after initially announcing the agreement.


France regulators blacklists 21 FX brokers, FuturBTC

France’s financial markets regulator, the Autorité des Marchés Financiers (AMF), today shed light on several unregulated forex brokers representing their offering under several brands. Notably, the AMF has identified only one crypto-assets provider in its latest warning.  

Digital Assets

Flare and Arkham Collaborate for Enhanced Decentralized Data Access

Flare’s blockchain for decentralized data acquisition integrates with Arkham’s Intelligence Platform, offering users advanced analytics and actionable on-chain insights.

Industry News

iFX EXPO International 2023 Successfully Concludes

The most talked about financial event of the year took place in Limassol, Cyprus.

Retail FX

Plus500 Forex Garners Market Attention In The Latest Expert Ranking

Securing the 58th spot in Traders Union’s Best Forex Brokers of 2023 ranking, Plus500, despite its cautionary overall score of 6.3 out of 10, stands out for its stringent regulatory compliance, user-centric WebTrader platform, and a commendable focus on account security, though it lags in providing advanced trading tools and trust management features.