Websites affected by GMO Payment Gateway data leakage seek to handle consequences

Maria Nikolova

More than two weeks after the detection of the credit card information leakage, websites affected by the breach continue to deal with the consequences.

The full scale of the credit card information from the websites of two of the clients of GMO Payment Gateway Inc (TYO:3769), the Japanese provider of payment processing services, has yet to be estimated.

The leak, which happened more than two weeks ago, has affected the credit card payment site for metropolitan tax of the Tokyo Metropolitan Government and the credit card payment site for group life insurance rider of the Japan Housing Finance Agency.

According to preliminary estimates, the number of “units of information” leaked through the Tokyo Metropolitan Government website is 676,290, including 614,629 email addresses, along with 61,661 credit card numbers and credit card expiration dates. The number of “units” of credit card information reportedly leaked from the Japan Housing Finance Agency is 43,540, including credit card numbers, credit card expiration dates, security codes, credit card payment registration dates, addresses, email addresses, names, phone numbers, as well as dates of birth and payment joining dates.

The GMO Payment Gateway’s clients affected by the leak have been issuing regular updates to clients, accompanied by apologies. Today, the Japan Housing Finance Agency published another update on its website concerning the incident – it informs customers that they will be mailed a special guide on what to do with regards to the data breach. The customers will have to confirm any payments made, the payment procedure used, the receipt of the guide itself, etc.

In a previous update, the Japan Housing Finance Agency has asked customers to pay special attention to any unconfirmed transactions made through their credit cards, as well as to any charges. The Agency also urged caution with regards to suspicious phone calls and emails from people presenting themselves as employees of the Agency or GMO Payment Gateway and asking customers to provide credit card data.

GMO Payment began its investigation into a possible information leak on March 9, 2017, following alerts concerning the security of Apache Struts 2. It examined the possibility of unauthorized access at the same time. About six hours after the start of the investigation, it found unauthorized access traces and stopped all systems running with Apache Struts 2.

On March 14, 2017, GMO Payment Gateway announced the establishment of “Recurrence Prevention Committee”, which seeks to perform inspection of the systems affected and to plan and implement measures to prevent any future data breaches.

Read this next

Institutional FX

Euronext reports double-digit growth in FX volume

Pan-European exchange, Euronext has reported a 10 percent rebound in the average daily volume on its spot foreign exchange market. The ADV figure stood at $19.6 billion in January 2022, which is up from December’s $18 billion.

Digital Assets

Voyager subpoenas FTX’s inner circle over Alameda loan

Bankrupt crypto broker Voyager Digital, represented by law firm Kirkland & Ellis, is seeking court approval to subpoena Sam Bankman-Fried’s inner circle, as well as Alameda Research’s former executives.

Retail FX

AvaTrade seals sponsorship deal with F1’s Aston Martin team

Dublin-based forex broker AvaTrade today announced that it has concluded a sponsorship deal with Formula One’s Aston Martin Cognizant team that entails sponsorship rights and other marketing benefits.

Executive Moves

M4Markets onboards Invaxa CEO Marios Antoniou as COO

Seychelles-regulated brokerage firm M4Markets has appointed Marios Antoniou, who has a colorful career within the foreign exchange industry, in the capacity of its Chief Operations Officer.

Digital Assets

GK8 now allows clients to control their digital assets as they would their fiat

“As the institutional market is increasingly turning to self custody, our policy engine empowers them to automate transactions, approvals, and even crucial workflows, while providing the highest degree of security, consistency, governance and control.”

Digital Assets

Retail CBDCs in the UK: “Welcomed” by CryptoUK and R3, but “Dystopian” for ETC Group

“At this stage, we judge it likely that the digital pound will be needed in the future. It is too early to decide whether to introduce the digital pound, but we are convinced preparatory work is justified”, said the BoE and HM Treasury.

Institutional FX

Centroid taps Iress API to provide retail brokers with real-time market data

“It has always been a challenge to have an efficient, elegant solution for market data and order execution for retail brokers, but with Iress we have found absolutely the right partner to add to our client offering.”

Digital Assets

Ramp launches FCA-approved off-ramp product, onboards Brave, Trust Wallet, Ledger

“To obtain and maintain our FCA registration, we must meet and operate within their strict anti-money laundering and counter-terrorist financing standards. This is a huge achievement for us, as compliance is a cornerstone of our business and what we stand for.”

Institutional FX

State Street launches FIX API for Fund Connect ETF platform

“Expanding from proprietary APIs to the FIX industry standard will bring us closer to our goal of 100% digital interactions. This is another example of innovations we’ve brought to our operating model as we celebrate 30 years of servicing ETFs since the launch of SPY.”