Japan's largest travel agency JTB Corp says 7.93 million passport details, and home and email addresses may have been stolen by hackers.
Executives at the company held a press conference bowing in apology for the feared breach and telling local media it may have stemmed from staffer who opened phishing-borne malware.
The company felt the need to point out that some 43,00 of the passports are still valid, indicating the breached database also contained old records.
"I apologise for causing trouble and worry to our customers and other people concerned,” JTB President Hiroyuki Takahashi told media.
The company has notified police, and has not yet detected criminal use of the data. Such use would be difficult to detect however since the credentials would be a golden chalice for identity thieves.
Passport information coupled with email and street addresses would be sufficient to pass many security checks required to access and open sensitive accounts.
Once a government corporation, JTB Corp has some 26,000 staff and locations in many countries.
It posted ¥12.58 billion in profit on sales of ¥1.34 trillion last year.
A year ago the Japan's Pension Service network was breached via an infected staffer machine leading to the disclosure of 1.25 million records on elderly folk in the island nation.
In 2011 Mitsubishi Heavy Industries was hacked again thanks to malware-infected boxen.
Japan was also reportedly subject to hacking attempts as part of its bid for Australia's A$50 billion submarine contract, awarded to French firm DCNS. ®