Data breach at Japanese telecom NTT Communications impacts nearly 18K corporate customers
Learn More
NTT Communications Corporation (NTT), a Japanese telecommunications service provider, is reporting a data breach affecting approximately 17,891 corporate customers.
The incident, discovered in early February 2025, compromised the company's 'Order Information Distribution System.' The unauthorized access was first detected on February 5, 2025, with confirmation of potential data exfiltration following on February 6.
NTT blocked the threat actor's access to the breached system by February 6. The investigation revealed that by February 15, the attackers had pivoted to another device within NTT's network. This second compromised device was disconnected to prevent further lateral movement, and the company now believes the threat has been fully contained.
NTT claims that only corporate customer information is targeted, and personal consumer data remained unaffected. Contracts for corporate smartphones and mobile phones provided directly by NTT Docomo were not compromised in this incident.
The exposed data includes:
- Customer name (registered contract name)
- Customer representative's name
- Contract number
- Phone number
- Email address
- Physical address
- Service usage information
The nature of the attack and the total number of affected individuals across the 17,891 organizations has not been disclosed.
NTT has stated that it will not send direct notifications to impacted customers, relying instead on its public announcement as the sole notice. The company has not disclosed the financial impact of this breach.
Previously, NTT got hit by a massive 12-hour service disruption affecting its mobile services and payment platforms, attributed to a distributed denial of service (DDoS) attack.
