Mercari Receives the Excellence Award at the MyNavi TECH+ 7th Information Security Incident Response Awards! #MercariDays

Hi, everyone, it’s Yumi (@yumito) from the Mercari Security Team.

On June 28th, a few members from our team attended the award ceremony for the MyNavi TECH+ 7th Security Incident Response Awards.

From the left: Mercari’s Security CISO Office @yumito; Merpay/Mercoin CISO @sowawa; and Mercari Security Strategy Manager @json.
*Face masks were temporarily removed for photos.

The MyNavi TECH+ 7th Information Security Incident Response Awards is an annual event held to recognize and award companies that demonstrated an excellent response to security incidents. Companies are evaluated based on how quick their initial response was to the incident, how often they released follow-up updates, the content of their announcement (cause/background, scope of damage, details of response), and the level of voluntary information disclosure, among other factors.

This year, Mercari was awarded the Excellence Award for our response to the Codecov vulnerability and related notification on personal information exposure, which we made a press release on in May 2021. In our response to this incident, the Security Team received support from members across the company, including the Engineering, Product, Public Policy, Compliance, PR, Customer Support teams, and compliance officers as well our leadership including, the CEOs of our Group companies. It was a true All for One effort.

At the ceremony, Mercari and two other companies that were also recognized for their incident response initiatives received crystal trophies, and there was a panel discussion held with the award judges. Keisuke Sogawa (@sowawa, currently serving as Merpay/Mercoin CISO), who took command of the incident response as Mercari’s CISO at the time, gave a speech accepting the award.

Below is a comment from the judges on why Mercari was selected:

“Mercari dealt with the issue earnestly by disclosing details on the background of the incident and its response to both its users and related stakeholders. This information also served as a reminder to the security community at large to be mindful of the risks lurking within the software supply chain. ”

After we received the award, the team members who attended the ceremony took a moment to share their thoughts:

“First, I would like to take this opportunity to apologize once again for the great concern and trouble this incident caused our users and related stakeholders. As we conduct retrospectives to reflect on the incident and identify what we could have done better, the Mercari Group is also continuing to work on evolving and building our products with an even greater level of security awareness. And, our work won’t stop there—our goal is to help prevent security incidents and improve the level of security not just within Mercari Group, but for society as a whole.

With that being said, I think we’ve realized with this incident that software supply chains are becoming increasingly vulnerable to attacks, and that nobody is safe. Mercari Group cannot uphold a safe and secure society on its own. Our society is built upon the support of many people inside and outside the company. We will continue sharing any knowledge that may be useful for the industry, and our request for you all is to keep sharing your own takeaways from that knowledge to create a cycle where our entire industry continues to learn and evolve. And lastly, I’d like to end with a word of appreciation for all the employees at Mercari Group who, despite it being Golden Week, came together in a true All for One effort to properly deal with this incident. (@sowawa)”

“It’s extremely important for all of us in this industry to look back on the security incidents that have occurred, take the lessons learned, and share that knowledge with other companies. If we can continue to do that, the entire industry will benefit. I hope the retrospective information we’ve shared on what we did well or what we could have done better at Mercari will prove to be useful for other companies. (@json)”

Our Security Team is made up of a diverse group of members who are experts in each of their own respective fields.
And, we are currently looking for new members to join our team! If you are interested in utilizing cutting-edge cloud security technology to establish a new standard for corporate and organizational security, check out the open positions from the link below and join our effort in making Mercari go global. We look forward to hearing from you!

https://careers.mercari.com/search-jobs/?dep=security-privacy
See you next time for more #MercariDays!