At least 2.68 million pieces of personal information held by over 100 Japanese entities were subject to unauthorized disclosures in 2018, a Kyodo News survey found Wednesday.

The data disclosures were confirmed and revealed by 104 organizations, including hotel operators and universities as well as French hotel reservation service Fastbooking SAS, whose breach exposed the information of people who had reserved rooms at Japanese hotels.

MS&Consulting Co. in Tokyo suffered the biggest data loss, with some 570,000 items of personal data such as email addresses, passwords and phone numbers affected.