Insurer Alico Japan released Friday the results of its internal probe on a recent mass-scale data leak from customers' credit cards, concluding that the data on more than 18,000 customers may have been stolen by employees of a computer-related service provider with access to Alico offices.
The Alico Japan case is one of the largest credit-card data leaks in the country involving fraudulent use of stolen data. Suspected unauthorized credit-card uses were mostly linked to online purchases of consumer electronic products.
The Japanese arm of American International Group Inc. announced the findings of its two-month probe at a news conference in Tokyo. The report said that card data on 18,184 policyholders had leaked.
Alico Japan officials said they have held hearings with about 90 people, including current, former and outsource employees, since July 14 when it started receiving inquiries from credit card firms over possible fraudulent card uses.
The firm has since received more than 4,000 inquiries.
Consequently, it has decided that the card data leaked through employees of a non-Alico firm authorized to visit Alico Japan offices for computer system-related services, the officials said. The probe found several signs of fraudulent access to Alico Japan's database from personal computers at the firm.
The Financial Services Agency plans to issue a business improvement order to Alico Japan if it concludes the insurer's data administration system has shortcomings after it examines the Alico Japan report, FSA sources said.