Last updated: July 5, 2026 at 9:01 AM UTC
All 557 Vulnerability 199 Breach 106 Threat 245 Defense 7
Tag: japan (4 articles)Clear

Aflac Japan breach exposes personal data of 4.38 million customers and agents

Aflac Life Insurance Japan, a subsidiary of the US insurance giant Aflac, says attackers broke into its policyholder portal and stole personal data belonging to about 4.38 million customers and agents. The intruders accessed systems repeatedly between June 15 and June 25, when the breach was detected through a surge in traffic, and the company suspended affected systems in response. Exposed data includes names, addresses, phone numbers, dates of birth, gender, and insurance account details, plus premium payment account information for roughly 230,000 people; no credit card data was taken. Aflac says the incident is limited to its Japan systems and does not affect its US operations.

Check
Aflac Japan policyholders and agents should watch for their notification letter, stay alert to phishing and fraud referencing Aflac or insurance accounts, and monitor bank accounts used for premium payments.
Affected
About 4.38 million Aflac Japan customers and agents whose personal and insurance data was exposed, including premium payment account details for roughly 230,000; the breach is limited to Aflac's Japan systems.
Fix
Affected people should monitor accounts for fraud and be cautious of insurance-themed phishing. Organizations should tighten access to customer portals, enforce phishing-resistant MFA, and monitor for unusual access and data exfiltration.

KDDI email breach affects up to 14.2 million accounts across six Japanese ISPs

Japanese telecom giant KDDI has disclosed a breach of an email platform it operates for itself and several internet service providers, potentially exposing the email addresses and passwords of up to 14.22 million mailboxes. KDDI detected the intrusion on June 17, blocked the attacker the same day, and traced the entry to a vulnerability in unnamed third-party software used by the email system. Six ISPs are affected, including JCOM, Nifty, and Biglobe, and the figure covers current, former, and inactive accounts. KDDI says some passwords were hashed or encrypted but has not said how many were stored in plaintext, and is urging all affected users to change their passwords.

Check
Customers of KDDI or the affected ISPs, including JCOM, Nifty, and Biglobe, should change their email passwords immediately and anywhere the same password was reused, and watch for phishing attempts.
Affected
Up to 14.22 million current, former, and inactive email accounts across six Japanese ISPs on KDDI's platform; exposed addresses and passwords enable account takeover, phishing, and credential stuffing where reused.
Fix
Affected users should change email passwords and any reused elsewhere, and enable multi-factor authentication. Organizations should inventory third-party software in shared platforms, patch promptly, and segment systems to limit breach scope.

Japanese utility Kyushu Electric loses drive holding 10.9 million customer records

Kyushu Electric Power, one of Japan's largest utilities, has disclosed a physical security incident: a storage drive containing the personal data of more than 10.9 million customers went missing. Because the exposure stems from lost media rather than a network intrusion, the risk depends largely on whether the drive was encrypted, a detail that determines if the data is readable by whoever finds it. The incident is a reminder that data-governance failures, like unencrypted or poorly tracked portable storage, can expose as many records as a sophisticated hack. Affected customers should watch for fraud and phishing attempts referencing their utility account.

Check
Kyushu Electric customers should watch statements and inboxes for fraud or phishing referencing their utility account; organizations should audit how portable drives holding personal data are encrypted and tracked.
Affected
More than 10.9 million Kyushu Electric Power customers whose personal data was stored on the missing drive; exposure severity depends on whether that storage was encrypted.
Fix
Encrypt all portable and removable media holding personal data, maintain strict chain-of-custody and inventory for such drives, and minimize the data placed on movable storage in the first place.

China-linked group is sending 1,600 fake tax-audit emails to Indian and Russian companies, then dropping a brand-new backdoor called ABCDoor

Kaspersky tracked a China-based group called Silver Fox running a tax-themed phishing campaign against organizations in India, Russia, Indonesia, Japan, and South Africa. Phishing emails impersonate the Indian Income Tax Department or Russian tax service with subjects about audits or 'lists of tax violations.' Inside the attached archive sits a modified Rust loader that pulls down a known backdoor called ValleyRAT, plus a brand-new Python-based backdoor called ABCDoor. ABCDoor handles screen recording, keystroke control, clipboard theft, and file operations. Kaspersky logged 1,600+ phishing emails between January and February 2026 across industrial, consulting, retail, and transportation sectors.

Check
Search proxy and DNS logs for connections to abc.haijing88.com since December 2025. Hunt endpoints for pythonw.exe processes initiating outbound HTTPS to unfamiliar destinations.
Affected
Organizations in India, Russia, Indonesia, Japan, and South Africa, particularly in industrial, consulting, retail, and transportation sectors. Finance and accounting staff who routinely receive tax correspondence are the highest-risk role. Multinationals with operations in any of these regions face the same risk through local subsidiaries.
Fix
Block abc.haijing88.com and related Silver Fox infrastructure at the DNS resolver. Train finance staff that real tax correspondence never arrives as a ZIP or RAR archive of 'violations' to download. Quarantine any host running pythonw.exe with unexpected outbound HTTPS, and remove FFmpeg installations not authorized by IT. Rotate credentials on suspected compromised hosts and reimage.