Personal data on almost 4 million customers of Japanese telecom carrier KDDI has been leaked, the company has admitted.
The data includes names, addresses and telephone numbers of 3,996,789 people who had applied for accounts with KDDI's Dion Internet provider service up to December 18, 2003, KDDI said.
Additionally the gender, birthday and e-mail addresses of some of the customers was also leaked.
KDDI is Japan's second largest telecommunications carrier. It operates fixed line, dial-up Internet, broadband and cellular services through a number of different companies.
The carrier became aware of the leak on May 31 this year when it received a phone call from someone claiming to possess a CD-ROM of the data, said Yoko Watanabe, a spokeswoman for the Tokyo-based carrier.
The original source of the data has yet to be determined and Watanabe declined to comment on other aspects of the case, which is being investigated by the police, she said.
The leak is just the latest of several to hit the headlines in Japan this year. Personal information has been leaked by companies a number of times onto the Internet through viruses that infect PCs running file sharing programs.
While the source of the data lost by KDDI is not yet clear, the episode is likely to increase fears of identity theft and other fraud in Japan.
In recent years the number of frauds committed against consumers using such information has been on the rise. Armed with the name and address or telephone number of a consumer, fraudsters can send out bills or make calls demanding payment for services that were never delivered.
The slick frauds often dupe consumers into sending money before they realise they have been tricked.