HONG KONG >> The Japanese company that owns the Hello Kitty brand said it has fixed a security leak in an online fan site for the famous character that compromised the personal information of 3.3 million users.

Sanrio Co.’s digital arm said this week it “corrected” a security vulnerability on the SanrioTown.com website and was carrying out an investigation. The leak was discovered Dec. 19 by a security researcher.

Hong Kong-based Sanrio Digital said anyone who knew the Internet addresses of “specific vulnerable servers” could have accessed personal information such as names and birthdates. Passwords were also available but encrypted.

However, it added that the data did not include credit card or other payment details, and that no information was stolen.

The site’s members include 186,261 minors, said Mark Leeper, whose public relations firm is representing Sanrio Digital.