About unjust login of Mitsukoshi Isetan WEB member, Web MI CARD member (followup)


It is ... about findings about unjust login by ... "list type account hacking" (list type attack)

In the homepage of MI CARD which was online site "Mitsukoshi Isetan online store" and group companies which we ran on August 5, 2020, we received unauthorized access from overseas IP address, and member information told about what might be read about login, member of part illegally.

As a result of having performed forenjikku investigation by specialized third party research institute again, member account that it might be logged in to illegally newly became clear in "Mitsukoshi Isetan online store". We talk about report in the final findings as follows. In addition, there was not damage such as abuse (the purchasing and point exchange) except information reading by this unjust login.

We sincerely apologize for having caused members including customer nuisance and worry.

We take this situation solemnly and perform report, report to related organizations and will act for further reinforcement of security measures for prevention of recurrence.

<situation (last) of unjust login>   
"Mitsukoshi Isetan online store"
The number: 50,285 cases
Period: From Tuesday, May 5 to Monday, August 3

Member information that might be read: Full name, address, phone number, e-mail address, the date of birth
Credit card information only in expiration date and four digits of card number bottoms
※We include page of MI POINT which can change from Mitsukoshi Isetan online store

In addition, in the MI CARD homepage, member account logged in to illegally newly was not confirmed.

<correspondence and preventive measures against recurrences>
① Correspondence to customer that newly unjust login became clear by this investigation
→We ask customer for change of password by email individually after having initialized password on Friday, September 11. When we set password same as other companies service, customer would appreciate your changing for password that is not supposed easily by third party for prevention of unjust login.

②System measures for security enhancement
→Unjust login interrupted access from tried IP address and carried out introduction of new security equipment and tuning of existing security equipment and strengthened security measures.

We would appreciate your contacting us below for inquiries if you have any questions about this matter.

[inquiry window about this matter]
■Mitsukoshi Isetan online call center
Phone number: 0120-116-326
Reception hours: From 10:00 a.m. to 6:00 p.m.

September 11, 2020
Mitsukoshi, Ltd. Isetan Nagoya Mitsukoshi

※List type account hacking (list type attack): Technique of unjust login using user ID, password that might flow out from other companies service 
※forenjikku investigation: Maintenance, various investigations into data analysis, extraction of related information, a series of investigations including report into evidence for unauthorized access