The leaked information contains sensitive data such as customer names, addresses, e-mails and even passport numbers.
A massive data leakage incident has been making waves in Japan. The major Japanese travel agency JTB Corp. announced on Tuesday that their server has been compromised. This incident has exposed the personal information of about 7.93 million people who have used the JTB Corp. services.
The leaked information contains sensitive data such as customer names, addresses, e-mails and even passport numbers. According to the JTB statement, about 4,300 passport numbers, which are believed to have been exposed, are still valid.
The corporation has already notified the Tokyo Metropolitan Police Department and the related authorities about the incident. There have been no reported data abuses as of yet. However, JTB has started to contact customers, whose data had been compromised, by e-mail. It has also established a nonstop working toll-free number to respond to all customers’ concerns.
The cause of the massive data leakage was a targeted email attack against one of the group’s company servers, JTB has said. A JTB Corp. computer was infected with malicious email attachment after an employee had opened a contaminated attached file. This enabled the virus to steal information directly from the server. Customers, who used the JTB online travel booking services, provided by the major mobile phone carrier NTT Docomo Inc., may have also been affected by the information leakage.
In a press conference, the JTB President Hiroyuki Takahashi came with an official apology: “I apologize for causing trouble and worry to our customers and other people concerned”.
JTB is a leading travel agency in Japan, with around 26 000 workers. It generates millions of dollars in annual net profits and mainly benefits from the foreign travelers coming to visit Japan, most of which are from China. This recent data incident would certainly lower the trustworthiness of the company and comes to show that there is a desperate need for more organized and effective security measures to be taken. Preventing unauthorized access to company servers and virus infections should be of an utmost priority to any company in order to avoid the important information of their customers to leak out.
Companies all around the world continue to store their customers’ sensitive information without proper security systems in place to prevent data breaches. Therefore, this recent case should draw attention to a need for effective security and preventive measures as well as proper awareness policy for the employees. Moreover, we as customers need to be more proactive and ask companies why they need any sensitive information about us and how they are going to keep it safe. If the answer is not suitable, we are in our right not to trust them with our private data.