The Meat Guy
Store access
March 24, 2025
Apology and Report of Investigation Results Regarding the Potential Leak of Personal Information Due to Unauthorized Access to "The Meat Guy Official Website" Operated by TMG International Co., Ltd.
On December 19, 2024, we announced that the "The Meat Guy Official Website" operated by our company had been subject to unauthorized access by a third party in our "Notice of Unauthorized Access and Security Breach." As a result of an investigation by a third-party investigation agency, it was discovered that personal information of customers in the database (103,006 cases), including credit card information (approximately 6,929 cases), may have been leaked.
We deeply apologize for the inconvenience and concern caused to our customers and all other concerned
parties.
Starting today, we will be contacting those customers whose personal information or credit card information
may have been leaked individually
by email or post to offer our apologies and notice of the incident. We will also contact those customers who
did not receive the email by post instead.
We take this incident very seriously and will take measures to prevent a recurrence.
Once again, we apologize to our customers and all other parties involved, and would like to provide the
following details regarding this matter.
1. Background
At around 12:00 on November 29, 2024, we received a call from a customer reporting that the payment method
section on the checkout page
on The Meat Guy Official Website was not working properly and we discovered that some parts of the
administration page of the website were no longer displaying properly.
Then, we contacted an external security company and began an investigation into the site's system.
On December 2, 2024 we discovered suspicious code. After having an external security company check and
investigate the access logs, we determined that there was a
high possibility that malicious code had been embedded, so we temporarily closed The Meat Guy Official
Website itself.
At this point, there was a possibility of data breach, so we reported the matter to the Personal Information
Protection Commission,
filed a notice with the local police station, and reported the matter to the credit card payment processing
company, and then announced the matter on our website on December 19th.
A forensic investigation has now been completed by a third-party investigation agency. The investigation
has determined that it is possible that personal information of customers who registered on the order and
checkout screen on 'The Meat Guy Official Website,' as well as credit card information entered by customers
who made purchases between August 20, 2024, and December 2, 2024, may have been leaked.
In addition to the above, it is possible that credit card information of customers’ who entered their credit
card information on the fake payment form but did not make a purchase, as well as credit card information
entered only on the fake payment form, may have been leaked, but we have not been able to identify these.
We would like to offer our deepest apologies to our customers and all other parties involved for the
inconvenience and concern this has caused.
2. Status of Personal Information Leak
(I) The Cause
There was a vulnerability in part of the system of "The Meat Guy Official Website" operated by our company, and this vulnerability was exploited to embed malicious code that manipulates data on the website.
(II) Customers with Potency of Personal Information Leak
The following information may have been leaked from 103,006 customer information registered on the order and payment screen (including 40,035 pieces of purchasers and delivery address information):
・Name
・Address
・Company name
・Phone number
・Email address
・Purchasers information and delivery address
・Member ID and password
(III) Customers with Potency of Credit Card Information Leak
Customers (6,929 people) who made a purchase (payment method: credit card) from the order/checkout screen
on
"The Meat Guy Official Website" between August 20, 2024 and December 2, 2024, and customers who entered
their credit card information once
but encountered an error then canceled the purchase after November 29, 2024.
The information that may have been leaked is as follows:
・Card number
・Cardholder name (Only the customers who have processed their orders since Nov. 5th 2024)
・Expiration date
・Security code
In addition, both of (II) and (III) above also include customers who entered their personal information, including credit card information once, but encountered an error and then canceled the purchase between November 5, 2024 and December 2, 2024, when there were concerns that fake order and checkout screens may have occurred. However, we have not yet identified these customers. The information that may have been leaked among the possibly leaked information described in (II) and (III) is the information entered into the fake order/payment screen.
We will contact customers who fall under (II) and (III) above by email or post to offer our apologies and notice of the situation. We will also contact customers who did not receive the email by post.
3.Requests to Customers
We have already been working with credit card companies to continue to monitor transactions using credit
cards that may have been compromised and to prevent fraudulent use.
We apologize for the inconvenience, but we kindly ask that you double-check your credit card statement to
ensure there are no charges you do not recognize.
If you see any charge that you do not recognize, please contact the card company listed on the back of the
credit card.
If your credit card information may have been leaked and you would like to replace your credit card, we have
requested the credit card company to not charge you the fee for reissuing the card.
4. Background of the Announcement
After the concern over the leakage of personal information came to light on December 4, 2024, we posted
“Notice of Unauthorized Access and Security Breach”
on our website on December 19, 2024. We deeply apologize for the delay in making this announcement.
We determined that releasing uncertain information would cause unnecessary confusion,
and that it was essential to make an announcement only after we had made preparations to minimize
inconvenience to customers.
Therefore, we decided to wait until we had received the results of the investigation by the investigation
company and had coordinated with the card companies before making this announcement.
We would like to once again apologize for the time it took to report the results of this investigation.
5. Measures to Prevent Recurrence and Resumption of the Website Operated by our Company
We take this incident very seriously, and based on the results of our investigation, we will strengthen our
system security measures and monitoring systems to prevent any recurrence.
The reopening date of the renovated "The Meat Guy Official Website" will be announced on the website as
soon as it is decided.
We have already reported this unauthorized access to the Personal Information Protection Commission, the competent authority on December 6, 2024, and have been working with the police since the incident was first discovered on December 6, 2024, and will continue to cooperate fully with any future investigations.
6. Inquiries Regarding this Matter
《Special Consultation Desk》
Available: 9:00 – 18:00 《Weekdays (excluding Saturdays, Sundays and holidays)》
E-mail Address: customer@themeatguy.jp