Apology and notice regarding leakage of personal information due to unauthorized access to this site
May 17, 2023
Dear customers
Kadoya Co., Ltd.
Representative Director Masakazu Fukano
Apology and notice regarding leakage of personal information due to unauthorized access to this site
Recently, the "Kadoya Official Online Shop" (hereinafter referred to as "this site") operated by our company was accessed illegally by a third party, and personal information of up to 28,658 people (including credit card information of 6,263 people) was leaked. It has become clear that there is a possibility that
We sincerely apologize for the great inconvenience and concern this has caused to all of our customers, including those who patronize this site .
Starting today, we will be individually contacting customers whose credit card information and personal information may have been compromised by email and letter to apologize and notify them.
We take this situation seriously and will take measures to prevent it from happening again.
We would like to once again apologize to our customers and everyone involved, and would like to provide a summary of this matter as follows.
Record
1. background
On March 15, 2023, we were contacted by some credit card companies regarding concerns about the leakage of credit card information of customers who used this site in the old environment. Payments on this site with the old environment where leakage concerns were discovered were suspended on March 1, 2023, and on the same day we renewed the environment to a different platform and payment system, but due to instructions from some credit card companies. Some credit card payments will be suspended on March 24, 2023.
An investigation by a third-party investigation organization began on March 20, 2023. On April 8, 2023, an investigation by a third-party research organization was completed, and the credit card information of customers who made purchases on this site between April 30, 2021 and March 1, 2023, and past purchases on this site. We have confirmed that the personal information of customers who entered their personal information may have been leaked, and that some customers' credit card information may have been used fraudulently.
Having confirmed the above facts, we have come to today's announcement.
2. Personal information leakage status
(1) Cause
A third party exploited a vulnerability in the system of a site operated by our company to gain unauthorized access, infiltrated the server, and tampered with the payment application.
(2) Customers who may have their credit card information leaked
The following information may have been leaked among up to 6,263 customers who registered their credit card information on this site between April 30, 2021 and March 1, 2023.
・Cardholder name
・Credit card number・Expiration date・Security code
(3) Customers who may have personal information leaked
The following information may have been leaked for up to 28,658 customers who have used this site in the past.
·full name
・Address, postal code ・Telephone number ・Email address ・Purchase history ・Company name (optional input items)
・FAX number (optional input field)
・Gender (optional input item)
・Date of birth (optional input field)
*Please note that if you enter the shipping address separately from the purchaser's address, that address will also be covered.
For customers who fall under (2) and (3) above, we will contact you individually via email and letter.
3. Request to customers regarding credit card information leakage
We are already working with credit card companies to continue monitoring transactions using credit cards that may have been compromised, and are working to prevent unauthorized use.
We apologize for any inconvenience this may cause you, but please double check your credit card statement to make sure there are no charges that you do not recognize. In the unlikely event that you see a billing item that you do not recognize, we apologize for the inconvenience, but please contact the credit card company listed on the back of the credit card.
Furthermore, if a customer wishes to replace their credit card, we will ask the credit card company to do so so that the customer does not have to pay any fees for reissuing the card.
4. About the reason why it took so long to make the announcement public.
We sincerely apologize for the time it has taken from the leak concerns on March 15, 2023 to this announcement.
Normally, we would have contacted the customer when there was a suspicion, warned them of their concerns, and apologized, but disclosing uncertain information will unnecessarily cause confusion, and we are trying to minimize the inconvenience to our customers. We have determined that it is essential to make an announcement after preparations have been made, and have decided to wait for the results of a research company's investigation and cooperation with credit card companies before making an announcement. We apologize once again for taking so long to make this announcement.
5. Measures to prevent recurrence and resumption of credit card payments
Currently, some credit cards cannot be used, but we will notify you on this site when all cards become available.
We take this incident seriously, and based on the investigation results, we will strengthen our system security measures and monitoring system to prevent recurrence.
In addition, our company has already reported this unauthorized access to the Personal Information Protection Commission, which is a supervisory authority, on March 17, 2023, and also reported the damage to the local police station on April 14, 2023. We received the damage report on May 2, 2023, and will fully cooperate with the investigation.
6. About the current Kadoya official online shop
The online shop that was accessed illegally was closed on March 1, 2023, and on the same day it was renewed to a new system using a different platform, after confirming that there is no correlation with the system that was accessed illegally. We continue to operate with a more robust system.
In addition, we will notify you on this site regarding the suspension of payments by some credit card companies as soon as they are resumed.
7. Contact point for inquiries regarding this matter
≪Kadoya Official Online Shop Customer Service Desk≫
Reception hours: 10:00-18:00 (excluding Saturdays, Sundays, and holidays)
Phone number: 03-3842-2000
Inquiry form: https://ekadoya.com/pages/after-inquiry
*Reception hours have changed. We apologize for any inconvenience this may cause and appreciate your understanding.
It may be difficult to reach you by phone for several days after publication, or it may take some time to respond by email. We apologize for the inconvenience, and appreciate your understanding in advance.
In case you are unable to reach us by phone or it takes time to respond by email, we have prepared a Q&A page below, so please check it out.
Q&A list regarding this matter
https://ekadoya.com/pages/after-faq
We would like to once again apologize for the great concern this incident has caused to everyone.