10 Biggest Data Breaches in Japan [2025]

Data breaches are escalating rapidly in Japan, affecting numerous industries and raising significant alarm among both businesses and citizens. In fiscal year 2024 alone, Japan reported over 21,000 cases of personal information breaches, marking a troubling 58% increase compared to the previous year. This increase in data breaches has severe financial implications for organizations across Japan. The average cost of a single data breach for Japanese companies rose notably from $2 million in 2019 to $2.7 million in 2020, reflecting both the growing complexity and the increased severity of cyber incidents.

A significant contributor to this troubling trend is the steep rise in ransomware attacks. In the first half of 2022, Japan saw an alarming 87% increase in ransomware incidents, with 114 confirmed attacks. Small and medium-sized enterprises were particularly vulnerable, suffering 59 attacks, while large corporations were hit in 36 separate incidents. Cybercriminals have also increasingly targeted online banking systems, with losses from banking fraud surpassing 8.7 billion yen in 2023.

In this blog, we’ll examine the largest and most impactful data breaches in Japan, analyzing how they occurred, why they succeeded, and what businesses can learn to better protect themselves in an increasingly hostile digital landscape.

Japan is an appealing target for data breaches, driven by a combination of factors that increase the vulnerability of its critical sectors, organizations and individuals to cybercriminal activity:

Japan has been aggressively pursuing digital transformation to improve efficiency, reduce costs, and support remote and hybrid work models. However, this rapid digitization often occurs on aging IT infrastructure, originally developed decades ago without modern cybersecurity standards in mind. Legacy systems, common in both private enterprises and public institutions, frequently rely on outdated software, unsupported hardware, or patchwork solutions that are vulnerable to sophisticated cyberattacks. Because upgrading these systems fully requires significant time and investment, many Japanese organizations operate with known cybersecurity vulnerabilities, making them attractive targets for attackers looking for easy entry points.

Japanese corporate culture has historically emphasized trust, harmony, and lifetime employment, resulting in relatively open internal access and less stringent employee monitoring compared to other global markets. This trusting environment, although beneficial for employee morale and teamwork, can weaken internal cybersecurity defenses. Employees often have broad access to sensitive systems and data, increasing the risk of insider threats and unauthorized disclosures. Additionally, strict hierarchical structures in Japanese companies sometimes discourage proactive reporting of cybersecurity concerns or issues, causing delayed responses to breaches or suspicious activities. This cultural dynamic makes Japanese organizations particularly susceptible to internal attacks, social engineering, and phishing campaigns.

In recent years, Japan has significantly accelerated its transition to a cashless economy, driven partly by government initiatives aimed at modernizing financial infrastructure and consumer convenience. As digital payment methods, online banking, and mobile finance become more prevalent, the volume of sensitive financial data being transferred electronically has increased exponentially. Cyber attackers specifically target these digital transaction channels due to the lucrative potential of financial fraud, identity theft, and direct monetary gains. This transition has outpaced the ability of some organizations, especially smaller financial institutions and payment providers, to implement comprehensive security controls, leaving them vulnerable to financially motivated cyberattacks, such as ransomware and phishing scams.

In the following, you find a list of the largest data breaches in Japan. The data breaches are sorted by the number of impacted customer accounts in descending order.

In May 2013, Yahoo Japan experienced one of the most significant data breaches in Japanese history, compromising approximately 22 million user IDs. The breach involved unauthorized external access to Yahoo Japan’s internal administrative files containing extensive databases of user identifiers. Although Yahoo Japan publicly stated that no passwords or financial data were compromised, the massive scale of impacted user accounts raised widespread concern about the safety and privacy of online services. Attackers successfully gained access to internal systems and downloaded sensitive user identification data before Yahoo Japan detected and contained the breach.

At the time, Yahoo Japan was among Japan’s most popular and heavily utilized digital platforms, amplifying the potential risk associated with the breach. This incident started discussions regarding cybersecurity readiness among major Japanese internet service providers, highlighting critical vulnerabilities and the need for stronger protection of user information.

Prevention methods:

• Implement strict access controls and multi-factor authentication like passkeys for sensitive administrative systems.
• Enhance real-time monitoring and intrusion detection systems to identify breaches faster.
• Adopt robust data segregation and encryption practices, particularly for large-scale user databases.

In June 2016, Japan’s largest travel agency, JTB Corporation, suffered a significant phishing attack affecting roughly 7.93 million customers. The attackers targeted JTB employees by sending carefully crafted phishing emails, tricking an employee into opening a malicious attachment that installed malware onto the company’s network. Once the attackers gained entry, they accessed a server containing sensitive customer data, including names, postal addresses, email addresses, and notably sensitive passport details.

The extensive exposure of passport information made this breach particularly alarming, given the high risk of identity fraud associated with such data. JTB responded by publicly disclosing the incident, notifying affected customers, and coordinating with law enforcement and cybersecurity experts. Despite prompt remedial measures, the incident showed significant shortcomings in employee cybersecurity training and internal phishing defenses within one of Japan’s most prominent companies.

Prevention methods:

• Provide comprehensive cybersecurity training to educate employees about recognizing and responding to phishing attacks.
• Implement advanced email filtering solutions to automatically detect and quarantine malicious emails.
• Enforce strict internal data access controls, minimizing the impact even if individual credentials are compromised.

In early 2025, Kaikatsu Club, one of Japan’s largest internet café chains, experienced a major cybersecurity incident, resulting in the exposure of approximately 7.29 million member records. Cybercriminals managed to gain unauthorized external access to Kaikatsu Club’s databases, which held extensive customer information including member names, residential addresses, phone numbers, email addresses, and detailed membership data.

Due to the broad scope of the compromised personal data, the breach showed significant risks for identity theft, targeted scams, and other fraudulent activities. Following detection, Kaikatsu Club immediately informed authorities, launched an internal investigation, and began notifying affected customers. Nonetheless, the incident raised concerns regarding data security practices across Japan’s hospitality sector, especially highlighting vulnerabilities in customer data management and external cyber defense systems.

Prevention methods:

• Strengthen external network defenses with multi-layered security solutions (firewalls, IPS).
• Regularly perform penetration tests and vulnerability assessments to proactively identify weak points.
• Encrypt sensitive customer data at rest and ensure strict access controls within databases.

In March 2022, Morinaga, a prominent Japanese confectionery manufacturer operating a substantial e-commerce business, suffered a severe cybersecurity breach compromising the personal data of over 1.6 million customers. Attackers gained unauthorized access to the company’s online sales system, exposing sensitive consumer information including customer names, home addresses, phone numbers, and detailed purchase histories.

The scale and sensitivity of the compromised data posed considerable risks, especially due to the exposure of detailed consumer purchasing patterns that attackers could exploit for targeted scams and identity fraud. Upon detecting the breach, Morinaga initiated immediate steps to secure their compromised systems, notified affected customers, and collaborated with cybersecurity experts to mitigate further damage. However, the incident brought to light substantial vulnerabilities in online retail platforms, particularly concerning customer data storage and transactional security.

Prevention methods:

• Enforce strict access controls and authentication procedures for critical sales systems.
• Deploy advanced monitoring solutions to quickly detect unauthorized activities and unusual data access patterns.
• Regularly audit and secure customer databases by encrypting sensitive data and segmenting user information effectively.

In September 2014, Japan Airlines (JAL), one of the country’s leading airlines, suffered a significant data breach affecting approximately 750,000 members of its frequent flyer program. Cybercriminals deployed ransomware, successfully compromising internal servers containing detailed frequent flyer data, such as member names, membership numbers, and account-related information.

This breach raised immediate concerns due to the high value and sensitivity of frequent flyer account data, which could potentially be exploited for identity fraud or targeted phishing attacks. After the ransomware infection was identified, Japan Airlines promptly worked with cybersecurity specialists and law enforcement authorities to restore systems and minimize further damage. Nonetheless, the incident underscored significant vulnerabilities within the airline industry, particularly highlighting risks in managing customer loyalty data and internal cybersecurity preparedness.

Prevention methods:

• Maintain secure, encrypted backups of critical customer databases to mitigate ransomware impact.
• Deploy robust endpoint protection and regularly update security protocols to prevent ransomware infections.
• Implement continuous monitoring and threat detection systems for early identification of malicious activities.

In early 2025, Sankei Lingerie, a popular Japanese mail-order retail company specializing in apparel, experienced a major cybersecurity incident. Approximately 292,000 customer records were compromised, including highly sensitive credit card information for about 71,000 individuals. Attackers gained unauthorized external access to Sankei Lingerie’s customer database, exposing personal details such as names, addresses, contact information, and critical financial data.

Due to the substantial exposure of credit card details, this breach posed significant financial risks to affected customers, potentially enabling widespread fraud and identity theft. Sankei Lingerie immediately reported the breach to authorities, notified impacted customers, and collaborated with cybersecurity experts to reinforce their defenses. The incident highlighted the persistent threats faced by online and mail-order retailers, emphasizing critical gaps in protecting sensitive payment data.

Prevention methods:

• Implement PCI DSS-compliant systems for secure storage and handling of credit card information.
• Strengthen perimeter security and deploy intrusion detection systems to prevent unauthorized access.
• Regularly audit and encrypt sensitive customer databases to minimize potential exposure.

In early 2025, DIC Utsunomiya Central Clinic, a healthcare provider in Japan, became a victim of a severe ransomware attack affecting approximately 300,000 patient records. Attackers successfully breached the clinic’s IT systems, encrypting sensitive medical information, including detailed patient records, comprehensive medical histories, and personal identification data.

This breach raised particular alarm due to the sensitive and highly confidential nature of healthcare information, exposing patients to significant risks including medical fraud, targeted phishing, and identity theft. Following the discovery of the ransomware, DIC Utsunomiya Central Clinic collaborated urgently with cybersecurity specialists and law enforcement authorities to contain the damage, restore services, and enhance security measures. Nevertheless, this incident underlined critical cybersecurity vulnerabilities in the healthcare sector and the increasing threat ransomware poses to medical institutions across Japan.

Prevention methods:

• Maintain secure and isolated backups of medical records to enable quick data restoration.
• Deploy comprehensive endpoint protection and continuous threat-monitoring systems to detect ransomware early.
• Conduct regular cybersecurity training for staff to minimize the risk of phishing and malware attacks.

In early 2025, Sompo Japan Insurance experienced a significant data breach affecting approximately 7.27 million customers whose records contained personally identifiable information, including names, addresses, contact details, and sensitive insurance policy specifics. While initially reported figures mentioned up to 17.5 million records, further investigation revealed that many records either lacked unique identifiers or were duplicates. Hence, cybersecurity analysts confirmed that approximately 7.27 million records directly represented unique individuals, positioning this breach below other major breaches in Japan such as Yahoo Japan and JTB Corporation in terms of individual impact.

The breach occurred when attackers successfully gained unauthorized external access by leveraging compromised employee credentials, likely obtained through sophisticated phishing or credential-stuffing methods. After breaching Sompo Japan’s internal systems, the attackers accessed customer databases containing sensitive personal and insurance-related information.

Prevention methods:

• Deploy robust multi-factor authentication (MFA) to protect critical systems and databases.
• Implement ongoing employee training programs to prevent credential compromise through phishing or social engineering.
• Use advanced threat detection systems to promptly identify unusual activities and unauthorized access.

In early 2025, NTT Communications, one of Japan’s largest telecom service providers, faced a significant data breach affecting approximately 17,891 corporate clients. The attackers successfully gained unauthorized external access to internal databases, exposing sensitive business information, including detailed corporate contract terms, business contact details, and service agreement specifics.

While the breach did not directly impact individual consumer data, the compromised corporate information posed substantial risks for industrial espionage, targeted phishing attacks, and potential exploitation of sensitive commercial relationships. In response, NTT Communications promptly launched an internal investigation, worked closely with cybersecurity specialists to mitigate ongoing risks, and communicated proactively with affected corporate clients. Nevertheless, this incident underscored the vulnerabilities in corporate telecommunications infrastructure and the critical need to enhance security around enterprise data handling.

Prevention methods:

• Strengthen external cybersecurity defenses, including advanced threat detection and response systems.
• Regularly conduct vulnerability assessments and penetration tests on critical infrastructure.
• Implement rigorous access control and data encryption practices for sensitive corporate client information.

In May 2021, Fujitsu’s ProjectWEB, a collaboration platform widely utilized by Japanese government agencies, experienced a significant cybersecurity breach affecting approximately 76,000 accounts. Attackers managed unauthorized access to the system by exploiting vulnerabilities related to a compromised third-party vendor. Exposed data included sensitive email addresses, system access settings, and confidential project-related communications among government officials.

The incident was highly sensitive due to the involvement of government data, raising concerns about national security and the handling of sensitive information. Fujitsu responded immediately by shutting down affected servers, conducting comprehensive internal and external investigations, and collaborating closely with government cybersecurity teams to secure compromised systems. Despite these efforts, the breach emphasized critical vulnerabilities associated with third-party integrations and the importance of secure supply-chain management.

Prevention methods:

• Conduct thorough security assessments and audits of third-party providers regularly.
• Enhance monitoring and incident detection capabilities for early identification of unauthorized access.
• Implement strict supply-chain cybersecurity requirements, including robust access controls and encryption for all sensitive project data.

After looking at the biggest data breaches that happened in Japan up to 2025, we can notice a few observations that reoccur across these breaches:

A key factor driving many large-scale data breaches in Japan is the widespread use of centralized data storage systems. Organizations often store extensive customer or user information within singular databases or unified management systems, making them highly valuable and attractive targets for cybercriminals. Centralized systems such as national identification programs, loyalty schemes, and major membership platforms tend to aggregate data that is both sensitive and comprehensive, presenting attackers with an appealing, singular target. Once breached, these systems yield substantial volumes of data, resulting in higher-impact breaches that can compromise millions of individuals or corporate entities simultaneously. The trend towards centralization underscores the urgent need for stronger data segmentation, encryption of sensitive records, and distributed systems designed to limit widespread compromise following an attack.

An increasingly interconnected digital economy has created complex supply chains, making third-party cybersecurity a critical yet often neglected aspect of organizational security. Several prominent breaches in Japan clearly indicate that attackers frequently exploit vulnerabilities within third-party services, vendors, or partners. Weaknesses such as inadequate vendor risk assessments, insufficient monitoring of third-party access, and poorly secured cloud-based integrations significantly heighten organizations’ overall vulnerability. To effectively counteract these threats, Japanese enterprises must enhance third-party risk management processes, mandating regular security assessments, enforcing strict compliance with cybersecurity standards among vendors, and continuously monitoring external connections and data-sharing arrangements.

Phishing remains a highly prevalent method for initial system compromise in Japan, with attackers consistently adapting techniques to bypass traditional security measures. Cybercriminals now commonly use targeted phishing emails, convincingly impersonating legitimate contacts, colleagues, or trusted entities to gain initial access to corporate networks. Japanese companies, often culturally predisposed toward hierarchical communication and trust-based internal practices, are especially vulnerable to sophisticated phishing schemes. While phishing awareness is growing, gaps persist in consistent, enterprise-wide employee training, coupled with limited deployment of advanced email security technologies. Enhancing internal phishing defenses requires ongoing employee education, realistic simulation training, and implementation of adaptive anti-phishing technologies capable of identifying and blocking sophisticated attack attempts.

A recurring pattern in many high-profile Japanese data breaches is the slow identification and response to cyber incidents, significantly increasing breach severity and long-term impact. In several notable cases, organizations remained unaware of intrusions for weeks or even months, allowing attackers ample time to exfiltrate sensitive data or extensively compromise internal systems. Slow detection often arises from insufficient real-time monitoring capabilities, ineffective use of threat intelligence, and gaps in security event analysis. Similarly, slow response times are often rooted in unclear incident response plans or overly bureaucratic decision-making processes. To mitigate this issue, Japanese organizations should prioritize the development and rehearsal of clear, streamlined incident response plans, invest in advanced monitoring and threat detection solutions, and encourage a proactive security culture that prioritizes rapid detection and decisive action following cyber incidents.

Japan’s experience with significant data breaches clearly highlights a critical need for improved cybersecurity practices. The incidents reviewed show that cyber threats are increasingly sophisticated and continuously evolving, targeting vulnerabilities unique to Japan’s digital landscape, including centralized databases, legacy IT systems, third-party security gaps, and cultural norms around employee trust.

Organizations must recognize that traditional cybersecurity measures alone are insufficient in today’s threat environment. Strengthening defenses requires comprehensive solutions, including enhanced data segmentation, robust ransomware protection, rigorous third-party assessments, frequent phishing-awareness training, and faster detection and response capabilities.