Fast Retailing Co. revealed that two of its stores, Uniqlo and GU, were targeted in a data breach. Over 461,000 customer accounts were affected in this attack. The data breach took place between April 23 and May 10 and was confined to Japanese websites.
Fast Retailing in a press release stated:
“We deeply apologize to our customers and stakeholders for any inconvenience or concern. We will strive to further enhance security and ensure safety so that similar events do not occur.”
Malicious actors conducted a credential stuffing attack. In this type of attack, threat actors take usernames and passwords obtained from a previous major attack and try those credentials on other sites. The attack often works because people reuse the same usernames and passwords across multiple sites.
Personal data accessed in the attack includes name, address, phone numbers, email address, date of birth, purchase history, shipping name, and partial credit card information such as the expiration date and half the numbers.
The data breach was discovered after customers reported strange activity on their accounts. Once the attack was recognized, immediate action was taken. After identifying the origin of the unauthorized login, they blocked access and increased their monitoring on other services. Additionally, they disabled account passwords for 461,091 Uniqlo Japan and GU Japan online customers.
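The response described above (find the origin of the unauthorized logins, then disable the passwords of the accounts it reached) can be sketched as detection logic over login logs. This is an added example, not code from Fast Retailing or the original article; the log format, thresholds and function names are assumptions, and the log lines are constructed.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log (assumed format: timestamp, source IP, username, result).
# IPs come from the RFC 5737 documentation ranges; nothing here is real data.
SAMPLE_LOG = "\n".join(
    # One source trying 8 different accounts once each; two reused passwords work.
    [f"2000-01-01T10:00:{i * 5:02d} 203.0.113.7 user{i}@example.com "
     f"{'OK' if i in (3, 6) else 'FAIL'}" for i in range(8)]
    # Brute force for contrast: one account, many guesses.
    + [f"2000-01-01T10:01:{i * 5:02d} 198.51.100.9 admin@example.com FAIL"
       for i in range(8)]
    # A customer mistyping a password once, then logging in.
    + ["2000-01-01T10:02:00 192.0.2.5 alice@example.com FAIL",
       "2000-01-01T10:02:20 192.0.2.5 alice@example.com OK"]
)

def parse(log):
    """Turn log text into sorted (time, ip, user, success) tuples."""
    events = []
    for line in log.strip().splitlines():
        ts, ip, user, result = line.split()
        events.append((datetime.fromisoformat(ts), ip, user, result == "OK"))
    return sorted(events)

def detect_stuffing(events, window=timedelta(minutes=5), min_users=5,
                    max_per_user=2, min_fail_ratio=0.6):
    """Return {source_ip: [accounts that logged in successfully from it]}."""
    by_ip = defaultdict(list)
    for ev in events:
        by_ip[ev[1]].append(ev)
    findings = {}
    for ip, evs in by_ip.items():
        start = 0
        for end in range(len(evs)):
            while evs[end][0] - evs[start][0] > window:
                start += 1  # slide the window forward
            win = evs[start:end + 1]
            per_user = defaultdict(int)
            for _, _, user, _ in win:
                per_user[user] += 1
            fail_ratio = sum(not ok for *_, ok in win) / len(win)
            if (len(per_user) >= min_users                      # many accounts
                    and max(per_user.values()) <= max_per_user  # few tries each
                    and fail_ratio >= min_fail_ratio):          # mostly failures
                # Every account this source got into needs its password disabled.
                findings[ip] = sorted({u for _, _, u, ok in evs if ok})
                break
    return findings
```

The many-accounts, few-tries-each signature is what separates credential stuffing from brute force against a single account, which is why the second source in the sample is not flagged.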
At this time, they are recommending that online customers change their passwords. Further, all passwords should be unique and different from those used for other companies' services. They have also set up a hotline and email for concerned customers to contact for more details on the data breach.
They have stated:
“If you use the same user ID and password as other companies’ services, please change your password as soon as possible. We recognize that the protection of customer information is our top priority, and we sincerely accept the occurrence of this situation and maintain an environment where customers can shop more safely and securely, such as strengthening monitoring of unauthorized logins.”