Four major Japanese organizations reported separate cyber incidents within a two-week period in late June 2026, revealing a shared attack pattern that bypassed corporate headquarters in favor of weaker subsidiary and third-party access points. Aflac Japan, KDDI, Sapporo Holdings, and Nidec all disclosed breaches affecting millions of customers and exposing sensitive data, but none of the initial compromises occurred at the companies' main operations.
Aflac Japan disclosed on June 30 that attackers accessed its Japanese operations between June 15 and June 25, affecting approximately 4.38 million customers and agents. Some records included bank account information used for insurance premium payments. The company confirmed the incident was isolated to its Japanese business and did not impact U.S. operations. The reported tactics resemble social engineering techniques previously linked to the Scattered Spider threat group, though no formal attribution has been made.
KDDI reported unauthorized access to a shared email platform used by multiple Japanese internet service providers, stemming from a vulnerability in third-party software. The incident potentially exposed up to 14.22 million email account records across six ISPs, demonstrating how a single weakness in shared infrastructure can cascade across multiple organizations. Sapporo Holdings detected suspicious activity at two overseas subsidiaries (Singapore-based Pokka and Canadian brewer Sleeman), while Nidec confirmed a ransomware attack at its Taiwanese subsidiary, Nidec Chaun Choung Technology. The BlackField ransomware group claimed responsibility for the Nidec attack, alleging theft of over two terabytes of data including employee, financial, procurement, manufacturing, legal, and IT records, and demanding $2 million.
The incidents collectively illustrate how attackers are shifting focus from heavily defended corporate networks to less-protected subsidiaries, overseas offices, and third-party platforms. The KDDI breach shows how vendor dependencies can amplify impact, while the Nidec attack follows the established ransomware pattern of combining data theft with extortion. The Aflac incident reinforces that social engineering remains an effective initial access method despite widespread awareness.
Organizations should reassess security controls across their entire enterprise ecosystem, including acquired businesses, overseas operations, and external service providers. Subsidiaries and third-party platforms must meet the same security standards as corporate headquarters, as attackers increasingly view these as viable entry points to larger networks. Companies relying on shared infrastructure or vendor-managed services should verify that security requirements are contractually enforced and regularly audited.
Source: https://thecyberexpress.com/japan-cyberattacks-expose-hidden-risks/


