Fast Retailing Group revealed this week that the Japanese company’s official Uniqlo Japan and GU Japan online stores registered unauthorised logins across thousands of customer accounts over a two-week period.
SEE ALSO : Uniqlo Japan’s most valuable retail brand
The fast-fashion giant said that a total of 461,091 unauthorized logins occurred between April 23 and May 10, 2019, by means of list type account hacking — when user IDs and passwords are potentially leaked from other services.
After Fast Retailing received reports from customers that they had received emails of which they had no knowledge, the company said it commenced investigations that confirmed the unauthorized logins.
The Uniqlo parent company said that the origin of the unauthorized logins is known and the company has since blocked access. It has also disabled the passwords for the 461,091 user IDs that had been potentially accessed, and is sending individual emails to each person affected, requesting that they reset their password.
In a statement issued by the company on Monday, Fast Retailing said it “sincerely apologizes for the trouble and concern this has caused to its customers and all others involved” adding it “will further strengthen its security measures and take steps to ensure safety, in order to prevent similar incidents in the future.”
The information potentially obtained by the hackers includes customer information including name, address, phone number, email address, gender, date of birth, purchase history, and clothing measurements.
Moreover, the hackers were also privy to each customer’s partial credit card information. This includes cardholder name, expiration date, and a portion of consumers’ credit card number, but only the first four and last four digits. Likewise, the CVV number was not stored, said the company.
Fast Retailing has filed a report of damages regarding the unauthorized logins with the Tokyo Metropolitan Police.