Fast Retailing Co., Ltd., the parent company of Uniqlo, has revealed issues in its management of customer data, leading to unauthorized access by contractors who were not authorized to have this information.
After conducting an investigation, the company's internal department discovered that some employees and contractors had access to personal information that exceeded what was required for their work.
The company revealed on July 2nd that the error was due to a setting in its information system that was not sufficient to properly monitor the services provided to customers.
The system stored personal information between June 2023 and January 2024, which was not intended.
The company assured that no personal information was compromised or accessed by unauthorized individuals, as access was restricted to authorized employees and contractors only.
Fast Retailing's announcement provides a clear explanation of the incident, including its background, the steps taken to address it, and the measures planned for the future to prevent similar incidents
In January 2024, the company's information system department made an unsettling discovery – personal information was being accessed by unauthorized individuals.
“We quickly took action by blocking access to the system and putting in place a mechanism to detect and isolate data that contains personal information.” The company stated.
Scope of the exposed data
The company discovered that personal data had been stored in the system as a result of a configuration error, which granted unauthorized access to certain contractors.
Although the system had strict access protocols in place to prevent unauthorized access, an error occurred that allowed certain contractors to view data they were not authorized to handle.
The company obtained written confirmations from these contractors, ensuring that no data was stored or removed. The company has clarified that this problem only impacted customers who met certain conditions, and not all customers.
Here is the personal information that was compromised during the breach, affecting customers who used Fast Retailing's services from June 2023 to January 2024:
Thankfully, the exposed information did not include credit card details or online store passwords.
Company's Response
Fast Retailing will reach out to impacted customers through email or postal mail, using the contact information they have on record.
This notification will give you a clear and concise explanation of the incident and its possible consequences.
The company stated that the incident occurred due to a lack of thorough specification checks during the development stage of the information system and insufficient monitoring during operation.
Fast Retailing will update its procedures to restrict access to personal information that is not necessary for business purposes, in order to prevent future incidents.
The company expressed regret for the delay in announcing the breach, which was first detected in January 2024.
Fast Retailing decided to conduct a comprehensive investigation to prevent the dissemination of unclear or incorrect information that could lead to confusion.
Although the investigation is still in progress, the company believed it had gathered enough information to share with the public in a clear and thorough manner.