About the unjust login to Mitsukoshi Isetan WEB member, a Web MI CARD member

Request for outbreak and password change of the unjust login by "list type account hacking" (list type attack)

※Thursday, August 6 2:00 p.m. update

            

In the homepage of the MI CARD which was online site "Mitsukoshi Isetan online store" and the group companies which Mitsukoshi, Ltd. Isetan ran, it received the unauthorized access from an overseas IP address, and it was found out that member information might be read about login, the member of part illegally.

It is supposed that the technique of this unjust login is performed by technique of "the list model account hacking" (list type attack) that used a user ID, the password that might flow out from other companies service. For details, it is as follows.

 

<the situation of the unjust login>

※There will be possibility to be changed with a number as of Wednesday, August 5 in future.

 

①A site name: "Mitsukoshi Isetan online store"

 The number: 15,336 cases

 Period From Monday, July 6 to Monday, August 3

 The member information that might be read: Full name, address, phone number, e-mail address, the date of birth

 ※The credit card information only in the expiration date and four digits of card number bottoms

 

②A site name: MI CARD homepage

 The number: 3,583 cases

 Period From Monday, July 6 to Monday, August 3

 The member information that might be read: Member full name, request estimated amount, current possession points

 

In addition, the damage except cf. information including information update, the abuse is not confirmed at present.

 

Process

After there being the proposal "that a notice of unfamiliar login email reached" from the customer, and pushing forward an investigation, I hung it in both sites for from Monday, July 6, 2020 to Monday, August 3, and injustice login confirmed what was tried.

 

<correspondence and preventive measures to a customer against recurrence>

①Correspondence to the customer who might be damaged of the unjust login

→I ask a target customer for the change of the password after contacting you by an email individually by the end of Wednesday, August 5.

 

From Mitsukoshi Isetan online store and MI CARD, I guide you by an email each.

When I set a password same as other companies service, the customer would appreciate your changing it for the password that is not supposed easily by others for prevention of unjust login. I'm sorry to trouble a customer, and I'm very sorry, but please change the password to the email according to an attached procedure.

 

②System measures for security enhancement

→Unjust login interrupted the access from a tried IP address and I carried out the introduction of the new security equipment and the tuning of the existing security equipment and strengthened security measures. In addition, about this case, I push forward the correspondence that I put consultation, the third-party organization to the police in.

 

I sincerely apologize for having caused you a nuisance and worry.

I take this situation solemnly and will try for the further reinforcement of security measures for prevention of recurrence.

 

I would appreciate your contacting us below for inquiries if you have any questions about this matter.

 

[inquiry window about this matter]

■Mitsukoshi Isetan online call center

Phone number 0120-116-326

From 10:00 a.m. to 6:00 p.m.

 

■MI CARD call center

Phone number 0120-116-236

From 10:00 a.m. to 6:00 p.m.

 

 

Mitsukoshi, Ltd. Isetan

Nagoya Mitsukoshi