NTT, a Leading Japanese Telecom Company, Exposed Data of 18,000 Corporate Clients in Major Breach
On March 8, 2025, NTT Communications Corporation, a prominent Japanese telecommunications company, announced a significant data breach affecting approximately 18,000 corporate customers. The breach was first detected on February 5 when NTT’s security team observed unusual activity in its Order Information Distribution System, prompting immediate restrictions on access to one of its devices.
Following the detection of the unauthorized access, NTT launched an internal investigation which, by February 6, confirmed the potential leak of sensitive information. The breach notification released by NTT specifies that while data related to corporate clients was compromised, individual customer information was not included in the incident. The investigation later revealed that the incident had exposed data from a total of 17,891 companies, leading NTT to commit to notifying all affected parties.
The information that could have been compromised includes contract numbers, company names, contact names, telephone numbers, email addresses, physical addresses, and related service usage details. However, no contracts pertaining to corporate smartphones or mobile services provided directly by NTT Docomo were affected by this breach. In response to this incident, NTT has indicated its intention to bolster security measures, enhance service quality, and provide timely updates while ensuring the confidentiality of customer data.
Prior to this breach, NTT Communications had faced a notable security incident in May 2020 when unauthorized access was detected on several of its systems. This previous breach also resulted in the potential exposure of customer data after attackers gained access to servers in Singapore, subsequently moving laterally to infiltrate systems in Japan. The company responded by shutting down affected servers to contain the malware and prevent further data compromise.
Viewed through the lens of the MITRE ATT&CK Matrix, tactics such as initial access via exploitation of system vulnerabilities and privilege escalation could have been used by the adversaries. The unauthorized access identified in both incidents suggests that unauthorized tools may have been employed to penetrate NTT’s defenses, highlighting persistent threats to corporate cybersecurity.
As the situation develops, business owners and cybersecurity professionals alike will be closely monitoring NTT’s response and the measures taken to ensure such breaches do not occur in the future. The need for robust security frameworks, continuous monitoring, and proactive risk management remains critical in safeguarding sensitive corporate data from evolving cyber threats.
For further updates on this incident and other cybersecurity developments, follow NTT Communications’ announcements and stay informed about best practices in data protection.