Major Data Breach in Japan


We’ve seen a number of high profile data breaches over the last couple of years, but it’s rare to hear of data breaches in the Asia Pacific region.

Last Friday (December 5th) the Japanese Cosmetics firm Shisheido reported that the online store operated by their subsidiary IPSA Co. may have leaked the details of 420,000 customers.

Stolen data includes Customer Names and Addresses, but more worryingly the payment card information of 56,000 customers may have been leaked. Those are customers who made purchases at the online store between December 14th 2011 and November 4th 2016 – that’s over five years.

This serves to emphasise Price Waterhouse’s 2015 report (here) that said “Nearly 9 out of 10 large organisations surveyed now suffer some form of security breach – suggesting that these incidents are now a near certainty. Businesses should ensure they are managing the risk accordingly.”

Shisheido learned of the data leak on November 4th, when they received a report from a payment agency, they’ve suspended their online store and notified the Japanese Police and the Ministry of Economy, Trade and Industry.

Once again, we reiterate the words of Stephen Orphei, the chairman of the PCI Standards Council, the safest path for any business is to “take risk off the table”.

If you’re not storing card or sensitive data then, even if your organisation is breached, there’s nothing for the bad guys to steal, and your company’s public reputation remains untarnished.

We at Compliance3 can help you, get in touch.