Top Management Message June 26, 2003

Illegal Passing of Customer Information

Lawson has learnt that personal information registered for LAWSON PASS cardholders has been passed illegally to outside parties. The information includes cardholder names, addresses, gender, marital status, date of birth, and home and mobile phone numbers. Investigations to this point have ascertained that no credit information injurious to the privacy of cardholders has been leaked.

The LAWSON PASS credit card is issued by Lawson and affiliate LAWSON CS Card, Inc. (LCS), while management and use of cardholder information is handled by a third-party firm on a contract basis. After learning of this incident, Lawson and LCS began investigations into how this contractor operates its systems, who had access to information, what information was leaked, and who the information was passed to. Although these investigations are ongoing, Lawson decided to make an announcement at this stage, considering the trouble caused to cardholders.

On June 9 and 18, separate inquiries were received from three cardholders who reported receiving unsolicited mail at addresses registered only with Lawson and LCS. As a result of investigations at the direct mail company that sent out the unsolicited mail, LCS ascertained that information of the approximately 560,000 LAWSON PASS cardholders registered as of August 17, 2002 had been leaked and some cardholders had been sent direct mail. Upon learning this, Lawson launched a full-scale investigation. Steps were also taken to ensure that the company responsible for the direct mail erased all cardholder data and refrained from sending further unsolicited mail. In conjunction with this investigation, Lawson sought police advice. Moreover, the investigation was also able to confirm that no credit-related information of cardholders, the management of which is entrusted to Credit Saison, Ltd. on a contract basis, had been leaked.

In order to determine how and why the information was leaked, Lawson has also established an investigating committee, chaired by an attorney from outside the company with expertise in these matters, and is also involving outside directors. Moreover, on June 24, Lawson formed a Personal Information Protection Committee to review systems and procedures, including those of group companies, to prevent unlawful access to personal information. At the same time, outside experts have been called in to give advice on enhancing security. Specific improvements to be implemented will include a system that specifies user access and prevents personal information leaks to outside parties.

We wish to express our deepest apologies to cardholders for any concern caused by this incident. We want to assure you that we are undertaking a rigorous review of information security measures to prevent a reoccurrence of this situation in the future. The following is a brief summary of the chronology of events and the measures we have taken in response.

Chronology and Response

Chronology and Response

June 9 Inquiry from cardholder
June 10 Internal investigation launched
June 18 Inquiry from another cardholder
June 19 Cardholder information leak confirmed
June 23 Investigation committee formed and law enforcement authorities contacted
June 24 Committee to safeguard personal information set up


No. of cardholders at May 31, 2003: Approx. 1.15 million

Response to LAWSON PASS cardholders

To be sent a letter of apology and gift voucher

Inquiries from LAWSON PASS cardholders:

Lawson Customer Center
Free Dial: 0120-65-3963

June 26, 2003

Takeshi Niinami
President and CEO

Archives(Back Numbers)