Last Updated: 2019.05.13
Unauthorized Logins on Fast Retailing Online Store Websites due to List Type Account Hacking and Request to Change Password
Fast Retailing Co., Ltd.
UNIQLO Co., Ltd.
GU Co., Ltd.
to Japanese page
On May 10, 2019, Fast Retailing became aware of unauthorized logins to customer accounts on its official UNIQLO Japan and GU Japan online stores by third parties. While the number of incidents and circumstances may change during the course of the investigation, Fast Retailing is today providing notice of the facts as determined at the present time, and the company's response.
At present, Fast Retailing has determined that a total of 461,091 unauthorized logins occurred between April 23 and May 10, 2019, by means of list type account hacking.* Fast Retailing sincerely apologizes for the trouble and concern this has caused to its customers and all others involved. Going forward, the company will further strengthen its security measures and take steps to ensure safety, in order to prevent similar incidents in the future.
1) Confirmed number of unauthorized logins to customer accounts
- A total of 461,091 unauthorized logins to registered accounts on the UNIQLO Japan and GU Japan online stores.
2) Potentially accessed customer information
- Customer name (last name and first name)
- Customer address (postal code, address, and apartment number)
- Customer phone number, mobile phone number, email address, gender, date of birth, purchase history, and clothing measurements
- Receiver name (last name and first name), address, and phone number
-
Customer partial credit card information (cardholder name, expiration date, and portion of credit card number)
The credit card numbers potentially accessed are hidden, other than the first four and last four digits. In addition, the CVV number (credit card security code) is not displayed or stored.
*List type account hacking (a list-type attack) is when user IDs and passwords are potentially leaked from other services.
3) Response
Fast Retailing received reports from customers that they had received emails of which they had no knowledge. The company investigated, and confirmed that unauthorized logins had been attempted by external parties between April 23 and May 10, 2019.
Currently, Fast Retailing has identified the origin of the communication from which the unauthorized logins were attempted and has blocked access, and is strengthening monitoring of other access points. On May 13, the company disabled the passwords for the 461,091 user IDs that had been potentially accessed, and is sending individual emails to each person affected, requesting that they reset their password.
Fast Retailing has also filed a report of damages regarding the unauthorized logins with the Tokyo Metropolitan Police.
4) Request to customers
Fast Retailing requests all customers using the UNIQLO Japan and GU Japan online store websites to do the following in order to prevent unauthorized access:
1. Use different passwords from those used for other services
2. Avoid using easily guessed passwords
The method used for these unauthorized logins, similar to other recent incidents involving internet services, is assumed to be list type account hacking. Accordingly, it's likely that the accounts affected by unauthorized logins are those for which the user has registered the same password with other services.
One method for preventing list-type attacks is to not use the same password for other services. Fast Retailing is therefore requesting everyone who uses the same user ID or password with other services, not just the customers who have been contacted individually, to change their passwords immediately. The company recognizes that protecting customer information is a matter of the highest priority, considering this incident extremely serious, and is strengthening monitoring of unauthorized access, as well as taking other steps to further ensure that customers are able to shop with safety.
Inquiries regarding this matter should be directed to the contact below. Please note that Fast Retailing will never ask customers for their passwords by email, social media or over the phone regarding this or any other matter.
Customer service contact for this matter
Tel: 0800-000-1022 free of charge (available 9:00-17:00, including weekends and holidays)
Email: customer.hotline@fastretailing.com
