Notice of resumption of credit card payments
Dear ApparelX Global customers,
Since we have received approval from the credit card companies for the security measures we have implemented, we resume credit card payments from 8:00 a.m (JST). today. We would like to express our sincere apologies for the inconvenience and concern caused to our customers and all other parties involved. We will continue to take all possible security measures to ensure the safety of our customers' purchases.
1. Background of the resumption
As explained in the "Apology and Notice Regarding Credit Card Information Leaking" reported on March 29, some customers' credit card information was leaked due to unauthorized access to our website. We have solemnly accepted the situation and have taken measures to prevent its recurrence, but after an investigation by a third-party investigation organization and a review by the credit card companies, we have decided to resume credit card payments.
2. security measures implemented
In order to prevent similar incidents from happening again in the future, the following measures were taken:
- The vulnerability in the file upload function was immediately fixed, and SELinux was enabled to improve security regarding tampering prevention. (December 2020)
- The server environment has been migrated to a secure public cloud environment consisting of the latest OS and middleware. (Dec. 2020)
- Installed a highly functional firewall (WAF) to block unauthorized access and attacks. (January 2021)
- Two-step authentication has been implemented for the server environment and management tools. (February 2021)
- Anti-virus software has been installed on the server, and virus checks are being conducted on a regular basis. (Feb. 2021)
- Periodic application of critical OS/middleware level patches. (Mar. 2021)
- Implemented FIM (File Integrity Monitoring) solution for file tampering detection. (April 2021)
- In addition to the above, we have established an information security system and rebuilt the operation and monitoring system in accordance with the requirements of PCI DSS.
3. Future plans
First of all, we will do our best to strengthen security and monitoring so that our customers can purchase products safely. Each of the credit card companies is currently analyzing the actual situation of fraudulent use, and will report back to us by the end of August. We would like to reiterate that we will fully reimburse you for the damage caused by the unauthorized use and the replacement cost of the card. Please do not worry about this.
4. For inquiries regarding the matter
<<Design X Inc. Customer Service Desk>>
Operating hours: 9:00 to 18:00 (Japan Time, excluding Saturdays, Sundays and holidays)
Telephone number: +81-3-6285-2811
E-mail address: firstname.lastname@example.org
Thank you for your patience, understanding, and cooperation during this unexpected situation.
Design X Inc.
Haruhiko Yamamoto, CEO