Overview
- Mazda says attackers accessed 692 records after breaching a parts warehouse system tied to Thailand in an incident detected in December 2025 and disclosed in March 2026.
- The affected system did not store customer data, and the accessed details were user IDs, names, email addresses, company names, and business partner IDs.
- The company reported the breach to Japan’s Personal Information Protection Commission, engaged outside specialists, and then limited internet exposure, patched systems, tightened access, and stepped up monitoring.
- No misuse has been found so far, and Mazda is urging impacted employees and partners to watch for phishing emails and other scams.
- News outlets note unresolved links to extortion actors, with Cl0p’s November 2025 claim remaining unconfirmed, while SecurityWeek adds Mazda was also targeted in an Oracle E‑Business Suite campaign without evidence of data theft.