Data Breachesโ Exposeโ Nearly 60,000 Customersโ in Asia: Adastria, Guangya Under Investigation
Table of Contents
Tokyo – A series of data breaches affecting Japanese multinational corporations has compromised โthe personal information of nearlyโค 60,000 individuals across asia, prompting investigations and raising seriousโค concerns aboutโ data โฃsecurityโค practices. โTheโ incidents, involving clothingโ retailer Adastria and jewelryโ manufacturer Guangya, underscore the escalating threat of cyberattacks and the importance of robust data protection measures.
adastria Data Leak: Scam Attempts andโข Dark Web Exposure
Adastria, which operatesโข popular clothing brands like niko and…, GLOBAL WORK, and LOWRYS FARM, reported a data breach impacting 59,205 customers. Theโข breach stemmed from unauthorized access โขto a third-party platform โขvia a compromised employee account.โ Hackers, โusing administrator โขcredentials, downloaded order informationโฃ containing names, phone numbers, and delivery addresses.
The compromised data surfaced on the “dark web“โ approximately โขtwo monthsโฃ after the initialโค intrusion, making it readily available for malicious purposes. Customers began reporting suspicious calls in early November, โคwithโ scammers posingโฃ as โคAdastria employees and requesting โคbank account details under the guise of resolving quality issues with purchased โgoods.
Didโค You Know? The dark web is a hidden part of the internet that requires specific software โขto access, often used forโค illegal activities likeโฃ selling stolen data.
Guangya Jewelryโฃ Breach: Outdated Security and Account โขMismanagement
Guangya Jewelry Trading Co.,โค Ltd., and its retail arm, Aijieโ managementโค Co., Ltd., experienced โa separate breachโข affecting approximately 79,400 individuals, including customersโฃ and employees. โคThe incident involved a โhacker gaining access through an account belonging toโ aโ former employeeโค who had resigned thirteen years prior.The hacker exploited a brute-force attack to โobtainโ credentials and afterward injected โmalware into โthe system, gaining control of the โdatabaseโค server.
Investigations revealed critical securityโข failings, including โtheโฃ use โคof โฃoutdated firewall and โคantivirus software, as โฃwell as โan unsupported operating system for the database โserver-one that had โreached its end-of-life four years ago. Furthermore, the companies failed to promptly disable theโค account of the former employee or โขimplement multi-factor authentication, creating a significant vulnerability.
Pro โTip: Regularly review and revoke access privileges for former employees to minimize the risk โคof unauthorizedโ access.
Privacy Commissioner’s Findings and Corrective Actions
The Privacy Commissioner’s Office, after thorough investigations, determined that both Adastria, Guangya, and Aijie failed to take adequate measures โขtoโ protect โpersonal data, violating provisions within the Privacy โคOrdinance.โข Zhong Liling, aโฃ personal data โขprivacy specialist, emphasized the lack ofโฃ proactive โsecurity โmeasures by Adastria, stating, “If Adastria takes appropriate โคand sufficient institutional and โขtechnical โคmeasures before the โincident, this โdata leakage accident is quite a chance toโข avoid.”
The Commissioner has issuedโค enforcement notices requiring the companiesโค to โrectify โthe violations and implementโ preventative measures to avoid future incidents. These measures include strengthening password management, enabling multi-factor authentication, restricting IP address access, โand promptly deleting inactive โaccounts.
Summary of Data Breaches
| Company | Number of Individualsโ Affected | Type of Data Compromised | Root Cause |
|---|---|---|---|
| Adastria | 59,205 | Names,โ phone numbers, โdeliveryโ addresses | Compromised employee account viaโ third-party platform |
| Guangya/Aijie | 79,400 | Names, Hong kong โID numbers, date of birth, phone numbers, date of entry | Outdated software, compromised formerโ employee โaccount |
These breaches highlight the growing need โfor organizations โฃtoโ prioritize cybersecurity and โdataโฃ protection. Accordingโ to a 2023 โขreport byโ IBM, the โฃaverage cost ofโค a data โขbreach reached a record โขhigh of โค$4.45 million [[1]], emphasizing the significantโข financial and reputational risks associated with inadequate securityโค measures.
What โsteps can businesses take to better protect customer data in an increasingly complex threat โฃlandscape? How can individuals safeguard their personal information from falling into โthe wrong โhands?
Data breaches have become increasingly common in recent years, driven by the โsophistication of cybercriminals โand โคthe โขexpanding digital landscape.โ Theโข rise of remote work and cloud computing has further broadened the attack surface, creatingโข new vulnerabilities for organizations to address.โข Proactive โขsecurity measures, including โregularโข vulnerability assessments,โ employeeโข training, and robust incident response plans, are essential for mitigating the risk of data breaches.โ Furthermore, compliance โwith data privacy regulations, โsuch as GDPR and CCPA,โข is crucial for protectingโ customer โขdata and avoiding โขhefty fines.
Frequently Asked Questions about Data Breaches
- What is a data โbreach? Aโ data breach is a security incident where sensitive,โ protected,โค or confidentialโข data โฃis copied, transmitted, viewed, stolen orโฃ used โby an individual โunauthorized to do so.
- What should โฃIโ do if I suspect myโฃ data has been compromised? Immediately change yourโค passwords, monitor your financial accounts for suspicious activity, and report the incident to the relevant authorities.
- How can companiesโฃ prevent data breaches? Implement โคstrong security measures, including firewalls, intrusion detection systems, and data โฃencryption. Regularly update software and conduct security audits.
- What is multi-factor authentication? Multi-factorโฃ authentication adds an extra layer of security โฃby requiring โusers โto provide multiple forms of identification, such as a password and a code sent to theirโฃ phone.
- What are the โคlegal implications of a data breach? Companies that experience data breaches may face legal penalties, including fines and lawsuits, depending onโข the severity โof theโค breachโค and the applicable data privacy regulations.
We hope โขthis report provides valuable insights into the recentโค data breaches โขand the importance of data security. Please โshare this article with yourโ network to raise awareness about โขthis critical issue. โค We โฃencourage you to โคleaveโ your comments โand questions below, โand subscribe to ourโค newsletter โคfor the latestโ updates on cybersecurity and data privacy.