Japan’s major travel agency JTB has admitted to a cyberattack which it fears has led to the theft of data belonging to 7.93 million users.
In today’s day and age where major data breaches are heard of almost weekly, the odd eight million doesn’t sound too critical. However, in JTB’s case, the travel agency believes that not only have customer names, addresses and email addresses been stolen, but also their passport numbers.
The only saving grace, as reported by local media Japan Times, is that only around 4,300 of these passport numbers is believed to be valid — a small subsection of the leaked data, but one that could cause serious issues to fliers should the data be sold on for the sake of creating fake passports, travel documents or identity theft.
There is also the possibility that the data leak includes information given by customers who have used online travel booking services offered by carrier NTT Docomo.
On Tuesday, JTB said there is no current evidence that the stolen data has been misused or sold on — but knowing dark web forums, it will likely only be a matter of time.
JTB President Hiroyuki Takahashi told attendees at a press conference:
“I apologize for causing trouble and worry to our customers and other people concerned.”
The travel agency believes that one of its units, i.JTB, became the target of a spear phishing campaign. After an innocent employee opened one of the phishing emails and downloaded the file attachment to the message, malware was able to infect the PC and access customer information stored on the server.
The Japanese Metropolitan Police Department have begun investigating the cyberattack.
JTB is Japan’s largest travel agency and supports a workforce of 26,000, posting net profit of ¥12.58 billion in FY 2015. However, the firm is not the only enterprise entity from the island nation to experience a data breach. In 2013, Yahoo Japan suffered a massive data breach which exposed the data of 22 million accounts.