Regarding the possibility of customer information being leaked due to unauthorized Access to our server

Updated

We have recently discovered that some of our servers have been illegally Access by a third party, resulting in the possible leakage of personal information of customers (up to 1,518 names). We sincerely apologize for the inconvenience and concern this has caused our customers.
We take this incident very seriously and will take measures to prevent a recurrence.

We would like to report the details of this matter as follows:

1. Background
On February 5, 2026, our Chairlift ticket issuing system experienced a malfunction, so we asked the system management company to investigate and found that some of our servers had been affected by ransomware.
We subsequently requested the company to investigate again, and discovered that personal information was included on the server where the encrypted data was stored.

At present, there is no evidence that the information was taken outside, but an investigation is ongoing. We have already contacted customers individually who may have had their information leaked.

 2. Personal information leaks
The personal information of up to 1,518 customers who purchased GALA 24-25 Season Passport from December 16, 2020 to February 1, 2026. The information that may have been leaked is as follows:

・Name
・Address
·telephone number
・Face photo

*Please note that there has been no evidence of credit card information being leaked to the outside.

 3. Cause of this incident
It was discovered that there was a security flaw in the settings of the network router installed for external Access to the business system.

4. Measures to prevent recurrence
We take this incident very seriously and will take measures to prevent a recurrence by strengthening our system security measures and monitoring system based on the results of our investigation.

The affected system was reopened on February 7th, with some exceptions, after necessary security measures were implemented and the affected server was no longer in use. This incident was also reported to the Personal Information Protection Commission on February 7th, 2026.

5. Requests to customers
We are not currently asking you to take any special action, but please be wary of any suspicious communications such as the following:

Unfamiliar phone calls or mail
・Contact to request confirmation of personal information
・Suspicious information requesting money or procedures

 

 

Discount for qualified persons