TOKYO—Shiseido Group said Friday that one of its e-commerce websites has been the target of a cyberattack, possibly compromising personal data of over 400,000 customers.
The site that was hacked belonged to the brand Ipsa, and operates separately from other Shiseido Group online shopping sites. While Ipsa does have a presence outside of Japan in Asian countries such as Taiwan, China and Thailand, the site affected was a domestic e-commerce platform serving only customers in Japan.
Japan’s largest cosmetics company was informed of a possible leak of credit card information by its payment agent in early November, Shiseido said.
The Ipsa site immediately suspended the operation of credit card settlements and Shiseido said it set up an in-house investigation team and enlisted a third-party forensics expert to identify and contain the attack. It also reported the issue to law enforcement and government agencies, the beauty giant said.
A spokesman for Shiseido said that while it has not yet been confirmed, there is the possibility that customer information, including credit card information, has been leaked. The company said that the breach affects personal information including names, addresses, telephone numbers, e-mail addresses and passwords of 421,313 customers. It may have also compromised credit card numbers, billing addresses and card expiration dates for some 56,121 customers who registered their cards on the site between Dec. 14, 2011 and Nov. 4 of this year.
You May Also Like
On Friday Shiseido began notifying customers of the breach via both email and postal mail. It also provided credit card companies with details on the cards that may have been affected. The cards are being “closely monitored” for illegal activity, and Ipsa has pledged to cover the reissuance fee should a customer need to have a card reissued as a result of the breach.
Shiseido said it is continuing to investigate the incident with external experts “in order to identify the cause and set up stronger security measures.”