Japan’s Aflac, KDDI, Sapporo, and Nidec Hit by Four Cyberattacks Exposing 18.6 Million Records Through Subsidiaries and Third-Party Infrastructure
In a troubling development for cybersecurity in Japan, four major cyberattacks have been reported within a two-week period, revealing a significant shift in the tactics employed by cybercriminals. Instead of directly targeting corporate headquarters, attackers are increasingly infiltrating organizations through subsidiaries and third-party infrastructure. This trend raises serious concerns across sectors including insurance, telecommunications, brewing, and manufacturing, as companies face an expanding attack surface that extends beyond their primary networks.
Aflac Japan Breach Exposes Customer Data
On June 30, Aflac Japan announced that its operations had been compromised between June 15 and June 25, affecting approximately 4.38 million customers and agents. The breach involved sensitive information, including bank account details used for insurance premium payments. Aflac confirmed that the incident was limited to its Japanese operations and did not affect its U.S. business.
While the company has not identified a specific threat actor, the tactics used in the attack resemble social engineering techniques linked to a group known as Scattered Spider. This incident highlights the vulnerabilities that arise when attackers exploit indirect access points within an organization.
KDDI Incident Impacts Millions Through Shared Platform
Telecommunications provider KDDI reported unauthorized access to an email platform utilized by multiple Japanese internet service providers. The breach originated from a vulnerability in third-party software, potentially exposing up to 14.22 million email account records across six ISPs. This incident underscores how a single vulnerability in shared infrastructure can have widespread repercussions, affecting multiple organizations simultaneously.
Sapporo Holdings and Nidec Hit Through Overseas Subsidiaries
Sapporo Holdings reported suspected unauthorized access involving two overseas subsidiaries: Singapore-based Pokka and Canadian brewer Sleeman. The company detected suspicious activity, shut down affected systems, and initiated an investigation to determine whether any data had been accessed or stolen.
In a separate incident, manufacturing company Nidec confirmed a ransomware attack targeting its Taiwanese subsidiary, Nidec Chaun Choung Technology. The BlackField ransomware group claimed responsibility for the attack, alleging it had stolen over two terabytes of company data, including employee, financial, procurement, manufacturing, legal, and IT records. The group reportedly demanded a ransom of $2 million.
A Shared Pattern Across the Japan Cyberattacks
Despite the diversity of industries and methods involved, the four cyberattacks in Japan reveal a common point of vulnerability. Aflac’s breach was confined to its Japanese operations, while KDDI’s exposure stemmed from a shared email platform reliant on vulnerable third-party software. Sapporo’s investigation centers on overseas subsidiaries, and Nidec’s ransomware incident impacted its Taiwan-based operation rather than its headquarters.
These cases indicate a growing trend where attackers increasingly target subsidiaries, shared services, overseas business units, and technology partners, rather than attempting to breach an organization’s primary corporate network.
Growing Risks Across the Extended Enterprise
These incidents highlight the necessity of treating subsidiaries and external partners as integral components of an organization’s overall security perimeter. Organizations that rely on overseas offices, acquired businesses, vendors, or shared platforms may inherit additional cybersecurity risks if these environments are not secured to the same standards as corporate headquarters.
The KDDI incident exemplifies how third-party dependencies can significantly amplify the scale of a breach. Meanwhile, the Nidec cyberattack underscores the ongoing trend of ransomware groups combining data theft with extortion demands. The tactics observed in the Aflac incident further reinforce the effectiveness of social engineering as an initial access method.
Investigations into these incidents continue, but the recent disclosures already point to a broader trend: as enterprise environments become increasingly interconnected, subsidiaries, shared infrastructure, and external technology providers are becoming attractive targets for attackers seeking indirect access to larger organizations.
Published on 2026-07-02 11:03:00 • By the Editorial Desk

