A leading travel agency based in Japan has admitted that "unauthorised access" to its email server resulted in the potential leak of personal information belonging to nearly 8 million customers.
The firm in question, JTB Corp, said the targeted database included names, home addresses and email addresses of 7.93 million people – adding that analysis has revealed at least 4,300 of the compromised records contained valid passport numbers.
The hacked travel agency told local media that culprits used a 'targeted email attack' to access its systems. Taking the form of a common phishing scam, an employee unwittingly opened a malicious file attachment containing a virus that gave the intruder free rein over data contained on its server.
In a news conference after the incident (14 June), in which agency officials bowed in apology, JTB president Hiroyuki Takahashi said: "I apologise for causing trouble and worry to our customers and other people concerned."
Takahashi revealed the leaked data may also include information on customers who used its online travel booking services, however maintained that no misuse of the stolen credentials has been reported. Police are now said to be investigating.
The news comes as cyberattacks and suspicious online threats against government agencies in Japan have allegedly reached an all-time high. As reported by The Japan Times, the amount of such attacks has increased by over 50% year-on-year. In the 2015 fiscal year, a record number of 6.13 million cyber incidents were reported, up from 3.99 million the previous year, according to an annual government cybersecurity report.
Looking ahead, minister Yoshihide Suga said: "We will especially work on creating new industries, improving the business environment to nurture human resources, strengthening measures to protect key infrastructure, and deepening international co-operation."
The massive leak follows a spate of recent major data breaches impacting millions of internet users across the globe. Major websites and social media platforms – including LinkedIn, Myspace, Tumblr and Twitter – have all been hit by leaks since the beginning of the year. It reinforces the notion that in the digital age information is power and – unfortunately for internet users – personal information has never appeared to be more vulnerable.