Mazda Says Employee, Partner Information Stolen in Cyberattack

Japanese car maker Mazda Motor Corporation has disclosed a data breach impacting the personal information of hundreds of employees and business partners. The incident, the company says, was discovered in mid-December and involved “unauthorized access to the management system used for warehouse operations involving parts procured from Thailand”. The information belongs to employees of Mazda and its group companies, and to business partners. A total of 692 records were compromised, the company said in an incident notification (PDF). The exposed information, the car maker says, includes company-issued user IDs, names, email addresses, company names, and business partner IDs. Mazda says no customer information was compromised in the attack, as this type of data is not stored in the hacked system, “and therefore there is no possibility that such information was affected”. It also noted that the hackers accessed the management system by exploiting security defects in the application, but did not name the software and did not specify which bugs were exploited. “The cause of this incident was determined to be unauthorized access by a third party through the exploitation of security vulnerabilities in the system used for the company’s business operations,” Mazda said. In November, the car maker confirmed to SecurityWeek that it had been targeted in the Oracle E-Business Suite (EBS) hacking campaign, but said at the time that it had not found evidence of data leakage. Mazda says it reported the newly disclosed data breach to the relevant authorities, promptly applied security patches, revised access policies and access monitoring, and restricted internet access. “Currently, no secondary harm has been confirmed. However, there is a possibility that the exposed personal information could be misused in the future, such as for phishing scams or spam emails. If you receive any suspicious communications, please exercise caution,” the company said. Responding to a SecurityWeek inquiry, a Mazda spokesperson refrained from sharing details on the compromised management system, but suggested that the newly disclosed incident is not related to the Oracle EBS hack. The spokesperson did not attribute the attack to a specific threat actor, citing the ongoing investigation and noting that “no contact from attackers has been confirmed.” Related: Navia Data Breach Impacts 2.7 Million Related: Marquis Data Breach Affects 672,000 Individuals Related: Security Firm Aura Discloses Data Breach Impacting 900,000 Records Related: Loblaw Data Breach Impacts Customer Information WRITTEN BY Ionut Arghire Ionut Arghire is an international correspondent for SecurityWeek. More from Ionut Arghire Tycoon 2FA Fully Operational Despite Law Enforcement Takedown Eclypsium Raises $25 Million for Device Supply Chain Security Navia Data Breach Impacts 2.7 Million Thousands of Magento Sites Hit in Ongoing Defacement Campaign Allure Security Raises $17 Million for Online Brand Protection Critical Langflow Vulnerability Exploited Hours After Public Disclosure Oasis Security Raises $120 Million for Agentic Access Management 1stProtect Emerges From Stealth With $20 Million in Funding Latest News Iran Built a Vast Camera Network to Control Dissent. Israel Turned It Into a Targeting Tool Critical Citrix NetScaler Vulnerability Poised for Exploitation, Security Firms Warn Stryker Says Malicious File Found During Probe Into Iran-Linked Attack RSAC 2026 Conference Announcements Summary (Pre-Event) M-Trends 2026: Initial Access Handoff Shrinks From Hours to 22 Seconds Chip Services Firm Trio-Tech Says Subsidiary Hit by Ransomware  Aqua’s Trivy Vulnerability Scanner Hit by Supply Chain Attack QNAP Patches Four Vulnerabilities Exploited at Pwn2Own  Trending Webinar: Securing Fragile OT In An Exposed World March 10, 2026 Get a candid look at the current OT threat landscape as we move past "doom and gloom" to discuss the mechanics of modern OT exposure. Register Webinar: Why Automated Pentesting Alone Is Not Enough April 7, 2026 Join our live diagnostic session to expose hidden coverage gaps and shift from flawed tool-level evaluations to a comprehensive, program-level validation discipline. Register People on the Move 7AI has appointed Israel Barak as its first Chief Information Security Officer. Brian Harrell has been appointed Chief Security Officer at FirstEnergy. eSentire has named James C. Foster as Chief Executive Officer. More People On The Move Expert Insights The Human IOC: Why Security Professionals Struggle With Social Vetting Applying SOC-level rigor to the rumors, politics, and 'human intel' can make or break a security team. (Joshua Goldfarb) How To 10x Your Vulnerability Management Program In The Agentic Era The evolution of vulnerability management in the agentic era is characterized by continuous telemetry, contextual prioritization and the ultimate goal of agentic remediation. (Nadir Izrael) SIM Swaps Expose A Critical Flaw In Identity Security SIM swap attacks exploit misplaced trust in phone numbers and human processes to bypass authentication controls and seize high-value accounts. (Torsten George) Four Risks Boards Cannot Treat As Background Noise The goal isn’t about preventing every attack but about keeping the business running when attacks succeed. (Steve Durbin) How To Eliminate The Technical Debt Of Insecure AI-Assisted Software Development Developers must view AI as a collaborator to be closely monitored, rather than an autonomous entity to be unleashed. Without such a mindset, crippling tech debt is inevitable. (Matias Madou) Flipboard Reddit Whatsapp Email