Cyber Incident Victim: Micard Co., Ltd

On August 5, 2020, Isetan Mitsukoshi Co., Ltd and MI Card Co., Ltd jointly disclosed a data breach impacting approximately 19,000 customers. The incident stemmed from unauthorized access to two digital platforms: the Isetan Mitsukoshi Online Store and MI Card’s official homepage. While the exact intrusion timeline was not detailed in public statements, the companies confirmed the breach resulted in the exposure of customer information across both systems. The announcement did not specify the duration of unauthorized access or the methods used by the threat actor to compromise the platforms.

The compromised data varied between the affected systems. For customers of the Mitsukoshi online store, accessed information included names, addresses, phone numbers, email addresses, and dates of birth. On MI Card’s homepage, the breach exposed member names, expected billing amounts, and current membership points held by individuals. Neither company disclosed whether financial account details, passwords, or payment card data were involved. The announcement provided no information regarding how the breach was detected, containment measures implemented, or whether law enforcement was notified. No customer-facing consequences beyond the data exposure—such as fraudulent transactions or identity theft incidents—were cited in the disclosure.