:

KDDI BREACH EXPOSES DATA FOR 12M+ PEOPLE

SECURITY DESK2 MIN READ
WED, JUL 8, 2026

■ AI-SUMMARIZED FROM 1 SOURCE ▸ TIMELINE

Japanese telecom KDDI disclosed a major data breach affecting over 12 million people across five internet service providers. Attackers accessed an email platform, exposing email addresses and passwords.

KDDI, one of Japan's largest telecommunications companies, confirmed the security incident compromised customer data held on a shared email platform used by multiple ISPs operating under its umbrella. The breach exposed email addresses and passwords for millions of users. KDDI has not yet detailed the full scope of personal information accessed or the methods used by attackers to breach the platform. The incident affects customers across five internet service providers connected to the platform, significantly expanding the potential impact beyond KDDI's direct user base. The company has begun notifying affected customers and recommending immediate password changes. KDDI said it is investigating the breach timeline and security gaps that allowed unauthorized access. The company has not disclosed whether ransom demands were made or if customer data has been sold on the dark web. This breach ranks among Japan's largest data incidents in recent years. Japanese regulators typically investigate telecommunications breaches closely due to their critical infrastructure status and the sensitivity of customer information held by telcos. KDDI operates as one of Japan's three major mobile carriers alongside NTT Docomo and SoftBank. The company serves millions of mobile and internet customers across the country, making security breaches particularly consequential for the broader telecommunications landscape. The company urged affected users to change passwords immediately and monitor accounts for suspicious activity. KDDI also recommended enabling two-factor authentication where available to strengthen account security moving forward.

■ SOURCES

Bleeping Computer

■ SUMMARY WRITTEN BY AI FROM THE LINKS ABOVE

■ MORE FROM THE SECURITY DESK

A Cambridge study reveals that terrorist organizations including Boko Haram and ISIS are using ChatGPT, Claude, and Gemini to plan attacks and develop weapons. Safety filters designed to prevent such misuse have repeatedly failed.

9H AGOAI Desk

The Australian Cyber Security Centre has issued an alert about coordinated exploitation of vulnerable content management systems and plugins worldwide. The campaign targets organizations using outdated or unpatched CMS software.

11H AGOAI Desk

Artificial intelligence discovered a critical security vulnerability in Linux kernel code that human developers overlooked for over a decade. The bug could allow unauthorized root access to systems.

15H AGOAI Desk

Researchers have demonstrated a new attack called 'Ghostcommit' that hides prompt injections in PNG files to fool AI code reviewers and agents into exposing repository secrets.

17H AGOAI Desk

■ SUBSCRIBE TO THE DAILY BRIEF

ONE EMAIL, 5 STORIES, 06:00 UTC. UNSUBSCRIBE ANYTIME.