Aoki Holdings Confirms Data Breach at Subsidiary Potentially Affecting Millions

In Data Breach News
January 29, 2025

From Aoki Holdings in Japan, this updated statement of January 28, 2025:

AOKI Holdings Inc. sincerely apologizes to customers and others for the concerns and problems caused by the cyberattack that was announced on January 21, 2025. It has been confirmed that unauthorized access occurred on the servers of KAIKATSU FRONTIER Inc., one of our subsidiaries, potentially resulting in a data breach involving some customer personal information

AOKI Holdings and KAIKATSU FRONTIER are continuing to investigate the incident and responding as
needed. Newly discovered information about this incident is as follows.

At this point, the investigation has not discovered any stolen personal information or secondary damages.

Potentially affected subjects and stolen personal information

Subjects:

  • KAIKATSU CLUB members (Some of the individuals who became members between October 1,
    2015 and January 20, 2025)
  • KAIKATSU CLUB provisional members (Some of the individuals who became members between
    March 25, 2019 and January 20, 2025)
  • FiT24 members and FiT24 Indoor Golf members (Some of the individuals who became members
    between October 30, 2018 and April 1, 2023)

Personal Information:

Full name / full name in Katakana, gender, postal code, address, phone number, birth date, membership numbers, membership type, membership status, current points balance and expiration date, shop code, the most recent transaction date and time, barcode, push notification request, coupon message

Personal information records: 7,290,087

Additional information can be found at Aoki Holdings (.pdf). Those responsible for the attack have not been publicly identified or claimed responsibility for the attack. Aoki’s statement does not indicate whether they received an extortion demand or not.