Kubota North America Corporation disclosed that an unidentified threat actor had access to parts of its network from March 16 to April 20 and accessed files containing sensitive personal information tied to employees and their dependents. The company said it determined on June 16 that one or more human-resources files may have been viewed during the intrusion, with exposed data potentially including names, Social Security numbers, dates of birth, taxpayer identification numbers, driver's license or other government ID numbers, direct-deposit bank account information, corporate payment card details, benefits enrollment data, and limited claims information.
Kubota began sending individualized breach notifications on June 30 and is offering affected people Kroll identity protection services. The company said it has implemented additional security measures following the incident and reported no known operational or business disruption. As of publication, no ransomware or data-extortion group had publicly claimed responsibility for the breach.

Mallory correlates global threat intelligence with your attack surface — know if you’re exposed before adversaries strike.
4 events from the most recent confirmed update back to the earliest known activity.
Kubota began sending individualized notification emails to affected people on June 30, 2026. The company also offered Kroll identity protection services or guidance to impacted individuals.
On June 16, 2026, Kubota determined that one or more human-resources files accessed during the intrusion may have contained sensitive information belonging to certain employees and their dependents. The potentially exposed data included identifiers and financial information.
Kubota reported that the unauthorized access to affected network systems lasted until April 20, 2026. During this period, files containing sensitive employee and dependent information were accessed.
Kubota North America said an unidentified threat actor had access to some of its network systems beginning on March 16, 2026. The intrusion ultimately lasted for more than a month.
Vulnerabilities, threat actors, malware, products, organizations, and breaches Mallory has linked to this story.
2 references tracked. Mallory keeps watching after this page renders.
cysecurity.news
Open sourcebleepingcomputer.com
Open sourceMap indicators from this story to your assets and identify affected systems in minutes.
Every observed campaign, victim, and pivot linked to actors named in this story.
Malware, exploits, and IOCs connected to the activity described here.
YARA, Sigma, and Snort rules deployed to your SIEM as soon as they’re published.
Get matching new stories delivered to your team as they break — not the next morning.
Ask questions about this story and take action on the answers.