Sankei Lingerie Data Breach: Up to 292K Records, Including 71K Credit Cards, Exposed in Major Mail-Order Hack

March 6, 2025

In January 2025, hackers exploited a vulnerability in Sankei’s mail-order website, leaking sensitive data—including credit card details of 71,943 customers. Learn what happened, how it unfolded, and the urgent steps taken to protect users.

Incident

In January 2025, it was revealed that the mail-order website operated by Sankei Corporation—a leading underwear manufacturer—suffered unauthorized access, potentially resulting in the leakage of up to 292,707 records. Among the compromised data, credit card information of 71,943 customers is of particular concern.

Details of the Incident

  1. Event:
    In January 2025, Sankei’s mail-order site was breached, with up to 292,707 pieces of personal information at risk.
  2. Data Compromised:
    1. Credit Card Information:
      1. Cardholder name
      2. Card number
      3. Expiration date
      4. Security code
    2. Personal Information:
      1. Email address
      2. ZIP code
      3. Phone number

These records belong to users who made credit card payments on the old website between December 27, 2019, and May 15, 2024. In addition to the credit card data, the personal information of other users—whose records did not include card details—brings the total to approximately 292,707 affected entries.

Cause of the Breach

According to Sankei’s report, the breach was triggered by a third party exploiting a known vulnerability in the old website’s system. The attackers tampered with the payment application, intercepting credit card information as users entered it—a method that, despite its decades-long existence, continues to endanger e-commerce platforms.

Countermeasures and Warnings

  1. Immediate Actions:
    The compromised site has been shut down, ensuring that no further data leakage occurs. Since May 15, 2024, Sankei has operated a new, independent platform whose security has been thoroughly validated. For now, credit card payments on the site are suspended, with alternative payment methods available.
  2. Customer Advisory:
    Users are strongly urged to review their credit card statements for any signs of unauthorized transactions. Additionally, if the same login credentials are used across multiple platforms, it is advisable to change them promptly.
  3. Broader Implications for E-commerce Operators:
    This incident serves as a stark warning. A significant number of e-commerce platforms—by 2024, around 95%—have experienced information breaches, with 26 companies reporting credit card data leaks. In total, approximately 557,578 credit card records have been compromised across the sector. To mitigate these risks, operators are encouraged to implement layered security measures, such as using security codes, adopting 3D Secure authentication, and deploying fraud detection systems. Notably, the adoption of EMV 3-D Secure has reached 62.1% as of 2024 and is expected to become mandatory by March 2025.

Conclusion

The unauthorized access at Sankei’s mail-order site underscores the critical need for stringent security protocols in e-commerce. Both operators and users must take proactive steps to safeguard sensitive information against evolving cyber threats.
