HOME > Group Companies > Group News > Apology and Report on Deficiencies in the Handling of Personal Information within the Fast Retailing Group Information System

Group News

Last Updated: 2024.07.02

Apology and Report on Deficiencies in the Handling of Personal Information within the Fast Retailing Group Information System

FAST RETAILING CO., LTD.
UNIQLO CO., LTD.
G.U. Co., Ltd.
PLST Co., Ltd.
to Japanese page

Fast Retailing Co., Ltd. ("the Company") has uncovered deficiencies in the handling of personal information through an information system managed by the Company. An investigation by the department in charge revealed that employees of the Company and certain contractors to whom the handling of personal information was not outsourced were able to view personal information beyond the scope necessary for their work.

We sincerely apologize for any inconvenience or concern this may have caused to customers and stakeholders.

Access to the information system is limited to designated employees of the Company and its contractors, and the Company has not confirmed any instances of these persons taking personal information from the system. In addition, access to the information system is tightly controlled within the system, and access by third parties other than these persons has also not been confirmed.

In accordance with the Act on the Protection of Personal Information, this announcement reports on the circumstances leading up to the discovery of the incident, the actions taken by the Company so far, and measures it plans to implement in the future.

  1. Background

    The Company has an information system for monitoring the operation status of services provided to customers ("the Information System"). In January 2024, the department of the Company in charge of the Information System confirmed through an investigation that some personal information was accessible beyond the intended scope and purpose of the system.
    As a measure to contain this incident, the Company immediately blocked access to the Information System, and established and implemented a system to detect and isolate in the Information System any data that contains personal information.
    In addition, an investigation into the impact from this incident found that from June 2023 to January 2024, for certain services, including the Group's online store, the Information System was set to store the personal information of some customers. The Information System was not intended for storing personal information, and as a result, certain contractors to whom the Company does not outsource the handling of personal information were able to view the personal information stored in the Information System.
    The Information System can only be accessed by employees of the Company and designated employees of subcontractors who have been authorized in advance, and access by third parties other than designated persons is strictly restricted. Along with confirming that this restriction is functioning effectively, the Company confirmed that no personal information has been removed by anyone who has access to the Information System, or accessed by third parties.
    Further, prior to the start of outsourcing work, the Company concluded confidentiality agreements with the contractors who were able to access to the personal information, and has also obtained written confirmation that they have not stored or removed personal information as part of this incident.
    Of note, the Company has confirmed that this incident did not affect all customers who used the Group's services during the above period, occurring only under specific conditions. The Company is currently continuing its investigation to identify the customers subject to this incident.

  2. Personal information subject to this incident

    Of the personal information of customers who used the Group's online stores or visited physical stores, etc., from June 2023 to January 2024, the information subject to this incident is limited to the following. Of note, the personal information that was accessible does not include credit card information or online store passwords.

    1. 1) Online store member registration information of customers who used the Group's online stores, including name, address, telephone number, and e-mail address.
    2. 2) The name, telephone number, and e-mail address of customers who visited a Group store, and requested that products be ordered from another store.
    3. 3) E-mail addresses of customers who used the "Style Hint" outfit discovery app operated by the Group

  3. Response to customers

    Customers who the Company has confirmed were subject to this incident will be contacted individually by e-mail at the e-mail address registered with the Group's services, or by letter sent to their registered address.

  4. Cause of the incident and prevention of recurrence

    The cause of the incident was inadequate confirmation of specifications in the Group's information system at the development stage, and insufficient monitoring during the operation stage.
    Going forward, in the development and operation of the Group's information systems, the Company will strive to prevent the occurrence of similar incidents by reaffirming procedures to confirm that personal information unnecessary for business purposes is not accessible, and through thorough and proper operations, including prompt detection and correction of problems when they occur.

  5. Reason for the delay in public disclosure

    The Company sincerely apologizes for the time required for public disclosure of this incident, which was discovered in January 2024. Since making a public announcement based on uncertain information or erroneous findings could cause confusion and lead to further concerns, the Company decided to conduct a careful and thorough inquiry. The investigation is still ongoing, but has reached a point where it is approaching completion, so the announcement is being made at this time.

Inquiries Regarding this Matter

Telephone
UNIQLO / GU / PLST: 0120-760-296 Business hours / 9:00-17:00

E-mail
UNIQLO / GU customer.hotline@fastretailing.com
PLST customer.hotline_jp@plst.com

*If you have any concerns or concerns regarding this matter, please contact the Company at the dedicated phone number or email.
It may be difficult to connect by telephone, and e-mail responses may be delayed.
We apologize for the inconvenience. Thank you for your understanding.

 

Top of page