Cyber Incident Victim: Ezaki Glico Co.

On January 29, 2016, Ezaki Glico Co., a Japanese confectionery manufacturer, received a report from a credit card company indicating a potential compromise of customer data through its online shopping platform. The company immediately suspended all credit card payment processing on the affected website that same day to prevent further unauthorized transactions. Ezaki Glico engaged a third-party investigator to assess the scope and origin of the breach, initiating a formal inquiry into the security incident. The investigation confirmed that attackers had gained unauthorized access to the e-commerce system, though the specific methods of intrusion were not publicly disclosed. No evidence suggested physical theft or internal misconduct as contributing factors to the breach.

By March 7, 2016, the investigation revealed that personal data belonging to 83,194 customers had potentially been exfiltrated during the incident. Among these records, 43,744 contained sensitive credit card information linked to online purchases. The compromised data included names, addresses, and payment card details, but the company did not confirm whether CVV numbers or card expiration dates were accessed. Ezaki Glico publicly acknowledged the breach through a statement reported by JIJI Press, emphasizing ongoing cooperation with financial institutions and forensic experts. The company maintained website operations for non-transactional functions while credit card payments remained suspended indefinitely. No ransomware demands or public claims of responsibility by threat actors were reported in connection with the incident.