Japanese online shopping mall operator Rakuten Inc. said Friday that a computer security problem at the group exposed 1,486,291 sets of personal and corporate information to access from the outside.
Of the affected data, managed by Rakuten, credit card subsidiary Rakuten Card Co. and e-money business Rakuten Edy Inc., at least 614 sets were accessed from abroad.
The incident pccurred because the Rakuten group failed to notice or deal with a change in the security settings of an external sales management system the group uses.
The change, which occurred as part of a system update Jan. 15, 2016, left the data accessible from the outside. The group recognized the security hole Nov. 24 this year after being warned by an external expert.
The group completed a necessary setting change by Nov. 26. Since then, no access by a third party has been confirmed, Rakuten said.
At Rakuten Card, the exposed information included the names of corporate representatives and sole proprietors who applied for business loans, amounts of outstanding loans, use of borrowed funds and data from the drivers’ licenses of guarantors.
Among other affected information were data on companies and employees that requested documents to open stores at the Rakuten cybermall and the names and telephone numbers of individuals who asked for transfers of Edy e-money when their smartphones failed.
Rakuten apologized for causing concern and problems to customers and promised to compensate for any damage stemming from misuse of exposed personal information.
By subscribing, you can help us get the story right.