If you’ve taken a trip to Japan through a travel agency, you might be in a bit of trouble. JTB Corp., a major Japanese travel agency, has suffered a data breach in which the personal information on nearly 8 million people was compromised.

BatBlue reports that the leak began with an email phishing attack, where an employee of the subsidiary company i.JTB Corp. opened an email attachment that infected his or her computer. From there, the hacker could access the main server, and obtained access to the personal data of JTB Corp. customers. The data may also include information on customers who used the booking services by NTT Docomo Inc.

Among the stolen data, Nikkei reports, are the names, addresses, email addresses, and passport numbers of approximately 7.93 million people. JTB states that around 4,300 of those passport numbers are still valid, which means the hacker or anyone who purchases the stolen information can misuse them.

If your passport number was among those stolen, report it and get a replacement immediately. Identity Theft Awareness provides instructions on reporting stolen passports and requesting new ones, and advises acting as soon as possible.

JTB President Hiroyuki Takahashi has apologized for the breach, and has notified law enforcement. The investigation is ongoing, but there are currently no instances of the data being abused.

Photo by Moyan_Brenn