Personal information on about 620,000 customers of Hankyu Express International Co. was leaked and sold to a personal information list trader, the Osaka-based travel agency said Wednesday.
The data include customers’ names, addresses, phone numbers and dates of birth, Hankyu Express officials said. In some cases, occupations were also leaked.
“We apologize to our customers and business partners for causing trouble,” Hankyu Express President Hiroshi Ojima told a news conference in Tokyo. “We will reinforce our security system to prevent a recurrence.”
The firm is still investigating when and how the data were leaked, but it said it is highly likely that someone had accessed the computer database at the company’s Tokyo office in Minato Ward.
Company officials said they cannot deny the possibility that employees in the office had unlawfully accessed and stolen the information.
The company said only two employees are granted access to the server computer, as they are the only ones who have the keys to the server room. About 250 employees including temporary staff work in the office, it added.
There are 500 terminals in the office that can be used to access the list of some 2.5 million customers who purchased domestic and overseas tour packages there.
The travel agency said it had thus far received 13 inquiries from customers who were contacted by salespeople at companies they had never heard of, but added that no actual financial damage has been reported.