KDDI’s email system for internet service providers has been breached, the company said Tuesday, with up to 14.22 million sets of email addresses and passwords possibly leaked. The affected service providers include STNet, JCOM, Chubu Telecommunications, Nifty, Biglobe and KDDI Web Communications. KDDI said it confirmed the cyberattack on June 17 and has implemented protective measures. The cyberattack exploited vulnerabilities in third-party software used in the email system, according to KDDI. The company said it wouldwork with the affected internet service providers to urge users to change their passwords, while continuing to investigate the extent of the damage. Cases of personal information breaches reported by listed companies and their subsidiaries in Japan totaled 180 in 2025, resulting in information on some 30.6 million people being leaked, according to Tokyo Shoko Research.

Full report : KDDI Data Breach Impacts up to 14.2 Million Email Accounts at Six ISPs.