We deeply apologize to our customers and the involved parties for the concern caused by the unauthorized access to the accommodation reservation information management system (hereinafter referred to as “management system”) provided by Booking.com, which we used at our company, and by the distribution of messages to some customers that led them to a phishing site.
We would like to report on the facts that have come to light through our investigation since our previous announcement (June 1, 2023), as follows.
1. Investigation results (cause)
In cooperation with related organizations and specialized companies, we have been investigating the cause and details of the damage. As a result, we have determined that the cause of the unauthorized access to the management system was that one of our terminals that manages the system was infected with malware.
2. Investigation results (damage)
Regarding the possibility of leakage of customers’ personal information (including credit card information) contained in the accommodation reservation information (for stays between May 1, 2022 and March 31, 2024), we have requested confirmation from Booking.com, the system provider, and have been received reports that there is no evidence of such a leakage.
Regarding the message sent to some customers with a URL link leading to a phishing site, we have not received any reports of damage at this time.
We ask that customers continue to exercise caution and, if they receive such a message, not to access the URL link attached to it.
3. Future actions and measures to prevent recurrence
Based on the results of the investigation and suggestions from related organizations, we introduced security tools and provided training to our employees. We will continue to further strengthen our measures.
In the unlikely event that a customer is confirmed to have been harmed by a personal information leak or phishing attempt in the future, we will promptly contact the relevant parties and take the necessary action.
4. Customer Inquiries
For inquiries, please contact us through the following E-mail address.