SYS::ONLINE
Wasteland.
Briefs1066
Issues17
SinceFeb 2026
LIVE
▣ Breach SAPPORO-KDDI-JAPAN 2026-07-01

Sapporo and KDDI: Wave of Japanese Corporate Breaches

"Here is the complete article:"

Here is the complete article:


title: "Sapporo and KDDI: Wave of Japanese Corporate Breaches" date: 2026-07-01 slug: sapporo-kddi-japan-cyber-breaches


Sapporo and KDDI: Wave of Japanese Corporate Breaches

A cluster of major Japanese companies disclosed cyber incidents over a two-week span, exposing customer data and disrupting internal systems across the insurance, telecom, manufacturing, and beverage sectors. Recorded Future News confirmed new victims including brewer Sapporo Holdings and telecom KDDI, adding to earlier disclosures from Aflac Life Insurance Japan and industrial manufacturer Nidec. Investigators have found no evidence so far that the attacks are connected or attributable to a single threat actor. The largest confirmed exposure, at Aflac Japan, affected roughly 4.38 million policyholders.

What Happened

The disclosures arrived in rapid succession, each triggering system shutdowns and investigations. Aflac Life Insurance Japan, the Japanese subsidiary of the U.S.-based insurer, reported that attackers compromised its customer portal and other systems. The company suspended parts of its infrastructure after detecting the intrusion but kept handling insurance claims and customer inquiries through call centers and alternative channels. Aflac stressed the incident was confined to its Japanese operations and did not touch its U.S. business.

Sapporo Holdings disclosed suspected unauthorized access affecting two overseas subsidiaries: Singapore-based food and beverage company Pokka and Canadian brewer Sleeman Breweries. Sapporo detected suspicious network activity indicating a possible cyberattack, shut down affected systems, and opened an investigation into whether data was stolen. The company reported no impact on its domestic operations.

Nidec disclosed a ransomware breach affecting part of the network at its Taiwanese subsidiary, Nidec Chaun Choung Technology. The company acknowledged a possible information leak but said it had not confirmed that any personal or confidential data was published online. The BlackField ransomware group later claimed responsibility and demanded a $2 million ransom.

What Was Taken

The stolen data spans personally identifiable information and deep corporate records. At Aflac Japan, the exposed data includes customers' names, addresses, and phone numbers, affecting about 4.38 million policyholders. A subset of roughly 230,000 customers also had premium payment account information compromised, raising the risk of financial fraud for that group.

Sapporo has not confirmed whether any data was exfiltrated from Pokka or Sleeman Breweries, and the investigation remains open. At Nidec, the BlackField group claimed it stole more than two terabytes of corporate data, including employee, financial, procurement, manufacturing, legal, and IT records. Nidec has not confirmed that any of that data has surfaced publicly.

Why It Matters

This cluster underscores how supply-chain and subsidiary sprawl expands the attack surface for multinational firms. Both Sapporo and Nidec were breached through overseas subsidiaries rather than their Japanese headquarters, a reminder that a parent company's security posture is only as strong as its weakest regional unit. Attackers routinely favor these less-monitored subsidiaries as entry points.

The incidents also highlight the sustained targeting of Japan's corporate sector. The Sapporo case follows a 2024 ransomware attack on rival Asahi that exposed the personal data of roughly 1.5 million customers and disrupted production, product launches, order processing, and shipments nationwide. The scale of the Aflac exposure, at 4.38 million policyholders, places it among the more significant insurance-sector breaches disclosed in the region and creates a large pool of victims ripe for phishing and identity fraud.

The Attack Technique

Specific intrusion vectors have not been publicly confirmed for most of the victims. Aflac has notified Japanese police and cybersecurity authorities but has not identified the attackers or detailed how they gained access to its customer portal. Sapporo characterized its incident only as suspicious network activity indicating a possible cyberattack, without naming a method or actor.

The clearest attribution belongs to the Nidec case, where the BlackField ransomware group claimed responsibility for breaching Nidec Chaun Choung Technology, exfiltrating more than two terabytes of data, and demanding a $2 million ransom. This aligns with the double-extortion model common to modern ransomware operations, in which attackers steal data before encryption and threaten to leak it to pressure victims into paying.

What Organizations Should Do

Sources: Japanese insurer, brewer, manufacturer and telecom disclose cyber breaches | The Record from Recorded Future News