Kanko Online Shop Breach: Thousands of Customer Credit Card Details Exposed

Japanese school uniform retailer Kanko Online Shop has disclosed a significant data breach affecting its “Kanko Online Shop Harajuku Select Square” e-commerce site. Up to 3,827 customers who made purchases between April 2021 and August 2023 may have had their credit card information compromised.

What Happened?

• Unauthorized Access: Attackers exploited a vulnerability in Kanko’s payment systems.
• Data Theft: Names, addresses, phone numbers, dates of birth, and full credit card details were exposed.
• Delayed Disclosure: Kanko took months to investigate and confirm the breach, only releasing information now.

It’s important to note that the breach was confined to the “Kanko Online Shop Harajuku Select Square.” Kanko’s other ventures, including school-oriented e-commerce platforms, measurement systems, and shop systems, remain secure, operating on an entirely separate and unaffected system.

Following alerts from credit card companies on September 27, 2023, about potential data leaks, Kanko immediately suspended card transactions on the affected platform and embarked on a thorough investigation. By December 8, 2023, the probe confirmed the leakage of customer credit card information dating from April 25, 2021, to August 21, 2023, including the possibility that some of this data was illicitly utilized.

What You Need to Do

• Check Statements Closely: Review all recent credit card statements for any unusual activity.
• Report Fraud: Contact your credit card issuer immediately if you notice anything suspicious.
• Consider Card Replacement: Kanko will work with card companies to waive card replacement fees.

Kanko’s Response

The company has apologized, but their delayed disclosure is concerning. They claim to be working on strengthening security measures and have already launched a new version of the affected website. Kanko is proactively reaching out to those impacted, showcasing a commitment to rectify the situation.