April 28, 2021
Dear customers
Design X Co., Ltd.
Representative Director Haruhiko Yamamoto
Notice of resumption of credit card payments
We have received approval from each credit card company for the security measures we have implemented so far, so we will resume credit card payments from 8:00 today. We deeply apologize for the great inconvenience and concern this has caused to our customers and everyone involved. We will continue to take all possible security measures to ensure safe purchases for our customers. Thank you for your understanding.
Record
1. Background of reopening
As explained in the " Apology and Notice Regarding Leakage of Credit Card Information Due to Unauthorized Access to Our Site " that we reported on March 29, some customers' credit card information was lost due to unauthorized access to our website. A situation has occurred where card information was leaked. We take the situation seriously and have taken measures to prevent it from happening again, but after an investigation by a third-party investigation organization and a review by each credit card company, we have decided to resume credit card payments. I did. For more information, please check the " Frequently Asked Questions Regarding Credit Card Information Leakage ."
2. Security measures taken
We have taken the following measures to prevent a similar incident from occurring again in the future.
・In addition to immediately fixing the vulnerability in the file upload function, we also enabled SELinux to improve security regarding tampering prevention. (December 2020)
- We have migrated our server environment to a secure public cloud environment consisting of the latest OS/middleware. (December 2020)
・We have introduced a highly functional firewall (WAF) and have taken measures to block unauthorized access and attacks. (January 2021)
-Introduced two-step authentication for the server environment and management tools. (February 2021)
・We have installed anti-virus software on our servers and perform regular virus checks. (February 2021)
・We regularly apply critical OS/middleware level patches. (March 2021)
-Introduced FIM (File Integrity Monitoring) solution to detect file tampering. (April 2021)
・In addition to the above, we have implemented various security improvement measures, built an information security system, and rebuilt the operation and monitoring system in accordance with PCI DSS requirements.
3. About the future
First of all, we will do our best to strengthen security and monitoring so that customers can purchase products safely. The actual situation of unauthorized use is currently being analyzed by each credit card company, and we are scheduled to receive a report from them by the end of August. Once again, please rest assured that we will reimburse you for any damage caused by unauthorized use and the cost of replacing your card.
4. Contact point for inquiries regarding this matter
≪Design X Co., Ltd. Customer Consultation Desk≫
・Reception hours: 9:00-18:00 (excluding Saturdays, Sundays, and holidays)
・Telephone number: Toll-free 0120-978882
・Email address: contact@designx.co.jp
that's all