:

KDDI BREACH EXPOSES DATA FOR 12M+ PEOPLE

SECURITY DESK2 MIN READ
WED, JUL 8, 2026

■ AI-SUMMARIZED FROM 1 SOURCE ▸ TIMELINE

Japanese telecom KDDI disclosed a major data breach affecting over 12 million people across five internet service providers. Attackers accessed an email platform, exposing email addresses and passwords.

KDDI, one of Japan's largest telecommunications companies, confirmed the security incident compromised customer data held on a shared email platform used by multiple ISPs operating under its umbrella. The breach exposed email addresses and passwords for millions of users. KDDI has not yet detailed the full scope of personal information accessed or the methods used by attackers to breach the platform. The incident affects customers across five internet service providers connected to the platform, significantly expanding the potential impact beyond KDDI's direct user base. The company has begun notifying affected customers and recommending immediate password changes. KDDI said it is investigating the breach timeline and security gaps that allowed unauthorized access. The company has not disclosed whether ransom demands were made or if customer data has been sold on the dark web. This breach ranks among Japan's largest data incidents in recent years. Japanese regulators typically investigate telecommunications breaches closely due to their critical infrastructure status and the sensitivity of customer information held by telcos. KDDI operates as one of Japan's three major mobile carriers alongside NTT Docomo and SoftBank. The company serves millions of mobile and internet customers across the country, making security breaches particularly consequential for the broader telecommunications landscape. The company urged affected users to change passwords immediately and monitor accounts for suspicious activity. KDDI also recommended enabling two-factor authentication where available to strengthen account security moving forward.

■ SOURCES

Bleeping Computer

■ SUMMARY WRITTEN BY AI FROM THE LINKS ABOVE

■ MORE FROM THE SECURITY DESK

U.S. federal prosecutors have unsealed charges against three Russian nationals accused of operating a bulletproof hosting service that supported ransomware gangs responsible for over $62 million in damages worldwide.

3H AGOIndustry Desk

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) warned that attackers are actively exploiting three vulnerabilities in Internet-exposed on-premises SharePoint Server instances. Organizations running affected versions must patch immediately.

3H AGOSecurity Desk

Tailscale disclosed a critical vulnerability in its SSH implementation that allowed attackers to gain root access through insecure argument handling. The flaw has been patched in recent versions.

6H AGOAI Desk

A new study found that social media platforms referred over 5.7 million visits to nonconsensual deepfake pornography sites between December 2025 and March 2026, with YouTube and X accounting for the majority of traffic.

8H AGOIndustry Desk

■ SUBSCRIBE TO THE DAILY BRIEF

ONE EMAIL, 5 STORIES, 06:00 UTC. UNSUBSCRIBE ANYTIME.