We have discovered that some of the personal information held by our company has been leaked due to unauthorized access to the server of an external company to which we had outsourced the distribution of our IR news emails. We would like to offer our deepest apologies to all involved parties for the great inconvenience and concern this has caused. We have already posted a notice on our corporate website on October 30th, stating, "Please beware of spoofed emails pretending to be from our company." However, we would like to inform you of the following response and measures to prevent recurrence.
We take this incident very seriously and will further strengthen our personal information management system, including the supervision of our business partners, to prevent a similar incident from occurring again.
1. Background
On October 30, 2023, our employees and business partners received a large number of "spoofed emails" in which the sender information was disguised as an email address in our domain (@tanseisha.co.jp). At the same time, the Tokyo Metropolitan Police Department Cyber Crime Division pointed out that the server of a business partner may have been hijacked, and we became aware of this situation.
On the same day, we suspended domain permission for the outsourced server, and took measures to prevent emails from being sent from our domain. We also posted a notice on our corporate website to warn people outside the company and took measures to prevent secondary damage from spreading.
We have also reported this matter in a timely manner to the Personal Information Protection Commission and the Japan Information Technology Promotion Association.
2. Leaked personal information
(1) Items of personal information
The email address registered to our IR news emails.
*No information such as bank account numbers, credit card numbers, etc. is included.
(2) Subjects and number of cases
641 email addresses for shareholders, investors, customers and employees.
3. Causes of the outbreak
We believe that the cause was unauthorized access from a third party to the server of our outsourced company.
4. Presence or absence of secondary damage or risk of secondary damage
We have confirmed that multiple spoofed emails were sent to the leaked email addresses, with the sender information disguised as an email address in our company's domain (@tanseisha.co.jp).
In addition, we have already stopped allowing the domain to access the server, so this issue is not occurring at present.
5. Measures to prevent recurrence
The outsourcing of work to the subcontracted company will cease in November 2023, and we are currently changing the contract to a new subcontractor whose eligibility has been confirmed.
We will also educate our employees, screen and confirm the eligibility of business partners, and continuously supervise them in order to further strengthen our personal information management system.
6.本件に関するお問い合わせ
本件に関してご不安な点やご不明な点がございましたら、下記のお問い合わせ窓口までご連絡をお願いいたします。
株式会社丹青社 個人情報保護苦情・相談窓口
〒108-8220 東京都港区港南1-2-70 品川シーズンテラス19F
privacy@tanseisha.co.jp
Related News
Please note that this may be subject to change without prior notice.