'Traces of unauthorized access': Mazda confirms data breach exposing employee and partner data — here's what we know

News
By published

Handful of Mazda records exfiltrated

Mazda EZ-60
(Image credit: Mazda)
  • Mazda confirms December 2025 breach via warehouse management system
  • Hundreds of employee and partner records exposed, including IDs, names, and emails
  • Customers unaffected; company strengthening security after vulnerability exploitation

Hackers have broken into Japanese carmaker Mazda and used their access to exfiltrate sensitive employee and partner data, the company has confirmed.

In a breach notification letter, the Japanese carmaker said that in mid-December 2025 it found “traces of unauthorized access” to a management system that was used to operate certain warehouses used to store parts procured from Thailand.

As soon as the breach was spotted, Mazda did what most companies do in these cases - secured their infrastructure, notified relevant authorities and data watchdogs, including the Personal Information Protection Commission, and launched an investigation with the help of third-party cybersecurity experts.

Article continues below

No bragging rights

The investigation determined a “possibility that a portion of the personal information of the employees of the company, its group companies, as well as business partners” may have been exposed. That portion includes 692 records such as Mazda-issued user IDs, names, email addresses, company names, and business partner IDs.

Mazda also stressed customer personal information were not accessed, since it was not stored in the affected systems in the first place.

“To prevent recurrence, Mazda will continue to strengthen its information security framework, including enhanced monitoring of external access and strengthened communication controls,” the company added.

Mazda did not say who the threat actors were and did not discuss the nature of the attack. It did say that the hackers broke in by abusing “security vulnerabilities in the systems that were exploited.”

So far, no cybercriminal groups have claimed responsibility for the attack, and given that just 692 records were exposed, it is likely that no one will. Cybercriminals who leak only a handful of data often get ridiculed for it, especially when the data doesn’t include more than the basics “names, email addresses”.

Via BleepingComputer

Best antivirus software header
The best antivirus for all budgets

➡️ Read our full guide to the best antivirus
1. Best overall:
Bitdefender Total Security
2. Best for families:
Norton 360 with LifeLock
3. Best for mobile:
McAfee Mobile Security

Follow TechRadar on Google News and add us as a preferred source to get our expert news, reviews, and opinion in your feeds. Make sure to click the Follow button!

And of course you can also follow TechRadar on TikTok for news, reviews, unboxings in video form, and get regular updates from us on WhatsApp too.

Sead Fadilpašić

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.

You must confirm your public display name before commenting

Please logout and then login again, you will then be prompted to enter your display name.