Kyushu Railway Co. said Friday that personal and credit information on up to 8,000 customers were stolen from the goods store website for its "Seven Stars in Kyushu" luxury cruise train.
The leaked information includes customers' names, addresses, phone numbers, email addresses, date of birth and type of work, according to JR Kyushu. Credit card numbers, security codes and expiration dates of up to 2,800 customers were also stolen.
The website may have been hacked between Oct. 5, 2013 and March 11, 2019, when it was shut down after the discovery, said the company, which offers the popular train service on the southern mainland island of Kyushu.
The theft was discovered when some customers who had used the site called their credit card companies to complain about suspicious purchases. The total amount of financial damage and the number of thefts are not yet known.
Victims include passengers of the exclusive train cruise which runs a 3,000-kilometer loop around Kyushu, covering its seven prefectures.
Passenger information from its online reservation site has not been leaked but to ensure its security the company has suspended online reservations for the October 2019 to February 2020 period, according to the railway company.
"We deeply apologize for causing our customers extreme trouble and concern," Hiroyuki Fukunaga, the company's senior corporate officer, said.