TOKYO, Jun 19 (Pulse News Wire) – Yellow Hat Ltd. (9882.T) reported today that a cyber attack compromised personal data of up to 3,179,454 members through its subsidiary, 2Rinkan Yellow Hat Co., Ltd.
The incident was initially disclosed on April 23, 2026, and further investigations confirmed unauthorized API calls began on April 20, 2026, at 4:54 AM. The affected data includes names, addresses, phone numbers, birthdates, genders, email addresses, membership numbers, app user IDs, passwords, point balances, and vehicle information. Credit card details were unaffected due to external payment systems used by 2Rinkan Yellow Hat Co., Ltd. Immediate actions included isolating the server and conducting thorough checks which did not reveal additional suspicious activity. In response, Yellow Hat Ltd.
Has notified potentially impacted customers via multiple channels including their website, emails, SMS, and dedicated support lines. Enhanced security measures such as system reconstruction and API modifications are underway, aiming to resume operations by October 2026. Customers are advised to monitor updates on the 2Rinkan website. The company stated that the costs associated with these measures are unlikely to significantly impact its consolidated performance. It also noted ongoing cooperation with the Personal Information Protection Commission and local police authorities for further investigation.
🟢 Confidence: High AI-translated content.