Mitsubishi UFJ Securities announced earlier this month that an employee had stolen its entire customer list of nearly 1.5 million accounts. The employee then sold the information for 49,159 of those accounts, exposing the data to thirteen companies.
According to a report from the Mainichi Daily News, further investigation revealed that the information had been sold and resold to a total of 80 companies. According to Mainichi,
"Retrieving the customers' information has proved difficult, and the securities company is considering buying back the information and paying the customers compensation."
There have been no cost estimates announced yet, but as is the case in most security breaches resulting in the loss of customer data, the costs associated with the incident will far outweigh the cost of enforcing the information security plan by auditing controls and user activity.
Comments