Mazda Motor Corporation disclosed that attackers gained unauthorized external access to an internal warehouse management system used for parts procured from Thailand, exposing 692 records tied to employees, group company staff, and business partners. The company said the intrusion was detected in mid-December 2025 and traced to exploitation of an unpatched vulnerability in the affected system. Exposed information may have included user IDs, full names, email addresses, company names, and business partner IDs, while Mazda said no customer personal data was stored in the compromised environment.
Mazda reported the incident to Japan’s Personal Information Protection Commission, investigated the breach with external cybersecurity specialists, and publicly disclosed the matter after completing its review. The automaker said it has patched the system, revised architecture, reduced internet exposure, restricted source IP access, strengthened monitoring, and tightened access controls, with plans to apply similar protections elsewhere. Although Mazda said it has not confirmed misuse of the data or other secondary damage, it warned affected individuals about elevated risks including phishing, business email compromise, and targeted spam.

Mallory correlates global threat intelligence with your attack surface — know if you’re exposed before adversaries strike.
4 events from the most recent confirmed update back to the earliest known activity.
Following the investigation and disclosure, Mazda said it patched the affected system, reduced its internet exposure, restricted source IP access, strengthened monitoring, tightened access controls, and revised system architecture. The company also said it plans to extend similar protections to related systems.
On 2026-03-19, Mazda publicly disclosed the security incident, stating that exposed information may have included user IDs, names, email addresses, company names, and business partner IDs. The company said it had not confirmed secondary misuse of the data but warned affected individuals about phishing, scams, and business email compromise risks.
After detecting the incident, Mazda investigated with the help of an external cybersecurity specialist and reported the breach to Japan’s Personal Information Protection Commission. The company determined that 692 records tied to employees, group company staff, and business partners may have been exposed, with no customer data involved.
In mid-December 2025, Mazda detected unauthorized external access to an internal warehouse management system used for parts procured from Thailand. The intrusion was later attributed to exploitation of unpatched vulnerabilities in the system.
Vulnerabilities, threat actors, malware, products, organizations, and breaches Mallory has linked to this story.
5 references tracked. Mallory keeps watching after this page renders.
cybersecuritynews.com
Open sourceteiss.co.uk
Open sourcebleepingcomputer.com
Open sourcelinkedin.com
Open sourcenewsroom.mazda.com
Open sourceMap indicators from this story to your assets and identify affected systems in minutes.
Every observed campaign, victim, and pivot linked to actors named in this story.
Malware, exploits, and IOCs connected to the activity described here.
YARA, Sigma, and Snort rules deployed to your SIEM as soon as they’re published.
Get matching new stories delivered to your team as they break — not the next morning.
Ask questions about this story and take action on the answers.