The Japan Tourism Agency on Wednesday ordered JTB Corp. to file a report and take preventive measures by June 24 after the major travel agency said it fears personal information on 7.93 million people has been leaked through unauthorized access to its server.

The information includes customer names, addresses, email addresses and passport numbers. Around 4,300 passport numbers that may have been leaked are still valid, JTB said Tuesday. No misuse of the data has been confirmed so far, the agency said.

The Metropolitan Police Department began probing the matter on Tuesday, investigative sources said.

JTB said i.JTB Corp., one of its group companies, apparently came under attack when an employee opened a virus-infected email file that gained access to customer information.

“I apologize for causing trouble and worry to our customers and other people concerned,” JTB President Hiroyuki Takahashi told a news conference.

The leaked data may include information on customers who used online travel booking services offered by the mobile phone carrier NTT Docomo Inc.

With a workforce of around 26,000, JTB is Japan’s leading travel agency. It posted a group net profit of ¥12.58 billion on sales of ¥1.34 trillion last year as it benefited from the spike in foreign travelers to Japan, particularly from China.

Japanese companies are stepping up efforts to prevent unauthorized access to servers and the leaking of information via virus infections. Yahoo Japan Corp. and Mitsubishi UFJ Financial Group Inc. have also experienced data leaks.