Apology and Notice Regarding Leakage of Credit Card Information
Dear ApparelX Global customers,
It has come to our attention that the corporate e-commerce site "ApparelX" operated by our company was illegally accessed by an intruder, resulting in the possible leakage of the credit card details of 195 of our customers.
We would like to express our sincere apologies for the inconvenience and concern caused to our customers and all other parties concerned.
Customers whose personal information may have been leaked have been contacted individually via e-mail today to apologize and inform them of the situation.
We have taken this incident very seriously and have taken measures to prevent a recurrence. We would like to apologize again to our customers and all other concerned parties, and would like to provide an overview of the situation as follows:
On December 9, 2020, our IT team detected that a file on the payment page had been tampered with, and on the same day, we deleted attack files that had been placed on the server by exploiting a vulnerability in the file upload function of our service. On December 10, 2020, we filed a report with the local police, and on December 16, 2020, we suspended card payments based on the guidance of the settlement agent. On March 8, 2021, the investigation by the third-party investigation agency was completed, and it was found that the credit card information of customers who made purchases with "ApparelX" during the period from November 27, 2020 to December 9, 2020 was leaked, and that some customers' credit card information may have been misused. We have confirmed that there is a possibility that some customers' credit card information may have been used fraudulently. The above facts have been confirmed, leading to today's announcement.
2. Leakage of personal information
The payment page was altered due to unauthorized access by a third party who exploited a vulnerability in the file upload program of the ApparelX website operated by our company.
(2) Customers whose personal information may have been exposed.
The following information of the 195 customers who made credit card payments using "ApparelX" between November 27, 2020 and December 9, 2020 may have been exposed:
- Credit card number
- Expiration date
- Security code
*In addition to the above credit card information, the name of the shipping address, shipping email address, shipping address, and shipping phone number of the order may have been exposed.
We will contact each of the 195 customers separately by email.
3. A request to customers
We are already working with credit card companies to prevent fraudulent use of credit cards by continuing to monitor transactions using credit cards that may have been exposed.
We sincerely apologize for this inconvenience, but we would like to ask you to please check your credit card statements for any unfamiliar charges. If there is a charge on your credit card statement that you do not remember, please contact the credit card company listed on the back of your credit card.
If customers wish to have the credit card replaced, we will ask the credit card company to reissue the card at no additional fee.
4. Regarding the delay of announcement
We would like to express our sincere apologies for the long time it took to make this announcement about the incident on December 9, 2020.
We would have contacted the customers at the time of the incident to alert them and apologize; however, after we discussed the matter with the payment processor company, they explained that the release of uncertain information would cause unnecessary confusion and that it was essential to make an announcement after making preparations to minimize the inconvenience to the customers.
Therefore, we decided to wait for the results of the investigation and cooperation with the credit card companies before making any announcement.
We would like to apologize again for the time it has taken us to make this announcement.
5. Recurrence Prevention and Resumption of Accepting Credit Cards
We have taken this incident very seriously and have strengthened our system security as well as the monitoring system according to the results of the investigation. The date of resumption of credit card payments for the ApparelX website will be announced as soon as it is determined. In addition, we reported this unauthorized access to the Personal Information Protection Commission, which is the regulatory agency, on March 16, 2021, and also reported the damage to the local police in charge on December 10, 2020, and we will fully cooperate with the investigation in the future.
6. For inquiries regarding the matter
<<Design X Inc. Customer Service Desk>>
Operating hours: 9:00 to 18:00 (Japan Time, excluding Saturdays, Sundays and holidays)
Telephone number: +81-3-6285-2811
E-mail address: firstname.lastname@example.org
Thank you for your patience, understanding, and cooperation during this unexpected situation.
Design X Inc.
Haruhiko Yamamoto, CEO