Cyber Incident Victim: GU Japan

The GU Japan data breach occurred between April 23 and May 10, 2019, when attackers compromised 461,091 customer accounts across the UNIQLO Japan and GU Japan online stores through credential stuffing. Fast Retailing, the parent company of both brands, confirmed unauthorized third parties accessed accounts by automating login attempts using credentials likely obtained from underground markets. The attackers exfiltrated customer names, physical addresses, phone numbers, email addresses, purchase histories, and partial credit card information. The breach remained active for over two weeks before detection, with investigations continuing after the initial disclosure. Fast Retailing disabled passwords for all affected accounts and issued password reset instructions to compromised users. The company directly notified impacted customers about the incident but did not initially disclose whether the attackers successfully monetized the stolen data.

The breach exposed vulnerabilities in Fast Retailing's authentication systems, particularly the absence of robust two-factor authentication measures that could have mitigated credential stuffing. Cybercriminals exploited password reuse patterns among customers, a common tactic evidenced by Akamai's 2018 report documenting 28 billion credential stuffing attacks targeting retail sectors. Fast Retailing established dedicated support channels, including a toll-free phone line (0800-000-1022) and email assistance, to address customer concerns. The incident affected a significant portion of the company's domestic e-commerce operations, which accounted for 10% of sales during the first half of its fiscal year. No technical details about intrusion vectors or forensic findings were disclosed beyond the confirmation of credential stuffing as the primary attack method.