Half a million Uniqlo shoppers caught up in online breach

Uniqlo parent Fast Retailing announced hackers may have gained access to personal information of 461,091 accounts registered on the company’s Japanese shopping websites.

The retailer said in a statement Monday the hackers may have accessed customers’ personal information, purchase history and partial credit card numbers of some of the users of its Uniqlo Japan and GU Japan online stores from April 23 to May 10 by means of list type account hacking.

List type account hacking is when user IDs and passwords are potentially leaked from other services or sites.

The company said it is still investigating the breach and added the number of incidents and circumstances may change during the course of the investigation.

In the meantime, the Japanese retailer advised its online store’s customers, the number of which the company has not disclosed, to use unique passwords and to avoid using passwords used from other websites to lower the chances of hackers accessing their accounts.

“Fast Retailing sincerely apologises for the trouble and concern this has caused to its customers and all others involved,” the company said.

“Going forward, the company will further strengthen its security measures and take steps to ensure safety, in order to prevent similar incidents in the future.”

The retailer said information that was potentially accessed includes:

  • Customer name (last name and first name)
  • Customer address (postal code, address, and apartment number)
  • Customer phone number, mobile phone number, email address, gender, date of birth, purchase history, and clothing measurements
  • Receiver name (last name and first name), address, and phone number
  • Customer partial credit card information (cardholder name, expiration date, and portion of credit card number). The credit card numbers potentially accessed are hidden, other than the first four and last four digits. In addition, the CVV number (credit card security code) is not displayed or stored.

In its announcement, Fast Retailing said it has identified the origin of the communication from which the unauthorised logins were attempted and has blocked access. The company added it is strengthening monitoring of other access points.

The Japanese retailer said it has already disabled the passwords for the 461,091 user IDs that were compromised, and is sending individual e-mails to each person affected, requesting that they reset their password.

Fast Retailing has also filed a report of damages regarding the unauthorised logins with the Tokyo Metropolitan Police.

Online sales made up 9.9 per cent of Uniqlo sales in Japan and 20 per cent in China in the company’s first half report. The company said overall online sales rose 30.3 per cent in that report.

This story first appeared on our sister site Inside Retail Australia.

You have 7 articles remaining. Unlock 15 free articles a month, it’s free.