The company says it has implemented all measures in order to avoid repetition of the data leakage incident from March 2017.
Japanese provider of payment processing services GMO Payment Gateway Inc (TYO:3769) has sought to reassure its clients that it has implemented all measures in order to avoid repetition of the data leakage incident from March 2017.
In a brief notice, published on its website, GMO-PG said it had performed a re-audit of its compliance with the Payment Card Industry Data Security Standard (PCI DSS). In addition, the company said it had implemented all of the recurrence prevention measures it presented as a part of its “Notice of the Investigation Report of the Recurrence Prevention Committee” dated May 1, 2017.
The notice in question is actually a rather detailed report into the incident from March 9, 2017 that saw important credit card information leak from two of the company’s client websites – those of the Tokyo Metropolitan Government and the Japan Housing Finance Agency. A number of investigations, including ones conducted by external experts have confirmed unauthorized access by a third party to credit card information belonging to users of the Tokyo Metropolitan Government credit card payment site for metropolitan tax, as well as the credit card payment site for group life insurance rider of the Japan Housing Finance Agency.
According to preliminary estimates (which were revised afterwards, with regards to “doubling of information”), the number of “units of information” leaked through the Tokyo Metropolitan Government website was 676,290, including 614,629 email addresses, as well as 61,661 credit card numbers and credit card expiration dates. The number of “units” of credit card information reportedly leaked from the Japan Housing Finance Agency was 43,540.
The company stressed the responsibility to be born by its management, with three of the Board Members having accepted salary cuts.
After the incident, GMO Payment Gateway has published a number of reports to update its customers, partners and investors on the reasons for the leakage and its consequences. The company has formed a special “Recurrence prevention committee” to investigate the case and to help it implement measures to prevent such incidents from happening in the future. GMO Payment Gateway has also complied with a request by the Japanese Ministry of Economy, Trade and Industry (METI) and has submitted a special report into the case with the authorities.
Today, GMO Payment Gateway insisted that it will continue to work to improve information security and strengthen its risk governance structure.