Data Breach Roundup (June 26 - July 2, 2026)
Data breach exposes up to 14.2 million email logins at six ISPs
Japanese telco KDDI has disclosed a data breach of their email system which is used by five other internet service providers in the country. The other five were STNet, JCom Co, Chubu Telecommunications, NIFTY, and BIGLOBE. KDDI says that the email addresses and passwords of up to 14.22 million customers may have been exposed. The article says that only "some" of the passwords were hashed, but it's not clear how many or what algorithm was used, or why passwords were being stored in plaintext at all.

NAIC says public data stolen in ShinyHunters' PeopleSoft breach
The National Association of Insurance Commissioners (NAIC) is a US insurance regulatory organization. ShinyHunters claimed to have breached 3.1 TB of data, roughly 105,000 files, including regulatory filing PDFs between 2017 and 2024, customer/order/payment records, credentials for certain production environments, and more.

Nissan discloses employee data breach linked to Oracle zero-day attacks
Nissan is saying that this data breach impacted current and former employees in the US, Canada, Mexico, and Brazil. Impacted data could include contact information, banking information, Social Security numbers, Social Insurance Numbers, National Identification Numbers, financial and tax information, and dependent and beneficiary information.

Blackfield ransomware asks Nidec Corporation for $2 million ransom
Nidec is a Japanese manufacturer of electronic components that get used in everything from phones and hard rivets to robotics, elevators, and large HVAC systems. There's not much information at this time on exactly what kind of data was stolen or how many records were impacted.

Insurance giant Aflac discloses data breach after subsidiary hack
Aflac is the largest supplemental insurance company in the US, who apparently also has a presence in Japan. Their Japanese arm has suffered a data breach. Impacted files contain policy and coverage details, personal information, and bank account information. There is no further information on the scope at this time.

Kubota says hackers had month-long access to network systems
Kubota is an industrial manufacturer best known for their heavy equipment used in agriculture and construction. This breach took place between March and April of this year, and may have exposed full names (including dependents), Social Security numbers (including dependents), dates of birth (including dependents), taxpayer IDs, driver's license or other government ID numbers, direct deposit bank account information, corporate payment card information, and benefits enrollment and limited claims data (including dependents).

Medtronic notifies customers impacted by ShinyHunters data breach
Medtronic is a medical device company who detected a breach in April. Exposed data included full name, contact information, date of birth, Social Security number, and "health-related information." The attackers claimed to have over 9 million records, which were removed from ShinyHunters' site, suggesting that Medtronic likely paid the ransom.








Community Discussion