The data leak at Mitsubishi UFJ Securities Co. has expanded by a factor of five after the brokerage said around 80 companies — instead of 13 as originally announced — may have acquired personal data on more than 49,000 of its customers from a corrupt employee.
The revelation came Friday after the brokerage arm of Mitsubishi UFJ Financial Group Inc. said April 8 that the employee, who was deputy chief of the computer department, sold the data to three dealers who specialize in personal data lists, which in turn sold them to real estate agents and other firms.
A revision was made after an in-house probe found that there were actually 14 firms, as well as an additional 15 potential buyers who received samples of the data, the brokerage said. After taking into account additional information from customers, the brokerage concluded that another 50 companies may have acquired the private data.
Since April 8, the brokerage has gotten around 7,500 complaints, including from an elderly person who came close to having a nervous breakdown after receiving 10 to 20 malicious phone calls per day, it said. The company is considering giving compensation to those who have suffered.
At a press conference, President and CEO Fumiyuki Akikusa apologized for the revelation.
“We will take all possible measures to ensure that our customers will be informed and dealt with properly and to restore our customers’ trust through a more thorough third-party probe,” he said.
Akikusa said the brokerage has sent a warning letter, signed by its lawyer, to the three dealers and the 80 companies urging them to destroy the data and not to use it for telemarketing or other purposes.
As of Friday, however, no one had officially responded to the warning, said the brokerage. This has stirred concern that the brokerage will not be able to stop further client data leaks from happening.
Akikusa said that some of its corporate clients have suspended their accounts with the brokerage and that its earnings “will suffer a major blow.”
Mitsubishi UFJ Securities declined to comment about the possibility of filing charges against the employee because the case is still under investigation.
According to the brokerage, the employee took the personal data of 1,486,651 customers home without authorization by using the ID of a colleague. He then sold information on 49,159 of them to the three dealers for ¥328,000 to repay his consumer loans.
The brokerage terminated the employee effective April 8, the day it announced the leak.
The data on the customers involved names, addresses, land line and mobile phone numbers, birthdays, professions, annual incomes and employers’ names, it said.
The only customers affected were those who opened new accounts or wrap accounts between October 3, 2008, and January 23 this year, it said.