Data Breach Roundup (June 26 - July 2, 2026)

Data Breach Roundup (June 26 - July 2, 2026)

Data breach exposes up to 14.2 million email logins at six ISPs

Japanese telco KDDI has disclosed a data breach of their email system which is used by five other internet service providers in the country. The other five were STNet, JCom Co, Chubu Telecommunications, NIFTY, and BIGLOBE. KDDI says that the email addresses and passwords of up to 14.22 million customers may have been exposed. The article says that only "some" of the passwords were hashed, but it's not clear how many or what algorithm was used, or why passwords were being stored in plaintext at all.

Data breach exposes up to 14.2 million email logins at six ISPs
Japanese telecommunications operator KDDI Corporation disclosed a data breach where threat actors gained access to one of its email systems used by five other internet service providers (ISPs) in the country.

NAIC says public data stolen in ShinyHunters' PeopleSoft breach

The National Association of Insurance Commissioners (NAIC) is a US insurance regulatory organization. ShinyHunters claimed to have breached 3.1 TB of data, roughly 105,000 files, including regulatory filing PDFs between 2017 and 2024, customer/order/payment records, credentials for certain production environments, and more.

NAIC says public data stolen in ShinyHunters’ PeopleSoft breach
The National Association of Insurance Commissioners (NAIC) says the ShinyHunters extortion group stole only publicly available data, outdated logs, and configuration files after breaching its systems by exploiting a zero-day vulnerability in an Oracle PeopleSoft server.

Nissan discloses employee data breach linked to Oracle zero-day attacks

Nissan is saying that this data breach impacted current and former employees in the US, Canada, Mexico, and Brazil. Impacted data could include contact information, banking information, Social Security numbers, Social Insurance Numbers, National Identification Numbers, financial and tax information, and dependent and beneficiary information.

Nissan discloses employee data breach linked to Oracle zero-day attacks
Nissan is warning that it suffered a data breach affecting current and former employees after threat actors exploited an Oracle PeopleSoft vulnerability in data theft attacks previously linked to the ShinyHunters extortion group.

Blackfield ransomware asks Nidec Corporation for $2 million ransom

Nidec is a Japanese manufacturer of electronic components that get used in everything from phones and hard rivets to robotics, elevators, and large HVAC systems. There's not much information at this time on exactly what kind of data was stolen or how many records were impacted.

Blackfield ransomware asks Nidec Corporation for $2 million ransom
The Blackfield ransomware gang is asking for a $2 million ransom from Nidec Corporation, a large Japanese manufacturer of electronic components for automotive and computing applications.

Insurance giant Aflac discloses data breach after subsidiary hack

Aflac is the largest supplemental insurance company in the US, who apparently also has a presence in Japan. Their Japanese arm has suffered a data breach. Impacted files contain policy and coverage details, personal information, and bank account information. There is no further information on the scope at this time.

Insurance giant Aflac discloses data breach after subsidiary hack
American insurance giant Aflac has disclosed a new data breach after attackers breached its Japan subsidiary’s systems and stole personal and bank account information.

Kubota says hackers had month-long access to network systems

Kubota is an industrial manufacturer best known for their heavy equipment used in agriculture and construction. This breach took place between March and April of this year, and may have exposed full names (including dependents), Social Security numbers (including dependents), dates of birth (including dependents), taxpayer IDs, driver's license or other government ID numbers, direct deposit bank account information, corporate payment card information, and benefits enrollment and limited claims data (including dependents).

Kubota says hackers had month-long access to network systems
Kubota North America Corporation disclosed that hackers had access to some of its network systems for more than a month earlier this year.

Medtronic notifies customers impacted by ShinyHunters data breach

Medtronic is a medical device company who detected a breach in April. Exposed data included full name, contact information, date of birth, Social Security number, and "health-related information." The attackers claimed to have over 9 million records, which were removed from ShinyHunters' site, suggesting that Medtronic likely paid the ransom.

Medtronic notifies customers impacted by ShinyHunters data breach
Healthcare device firm Medtronic is notifying affected customers about a data breach that exposed their personal data to an unauthorized third party.

Community Discussion