Mazda Says Employee, Partner Data Stolen in Cyberattack

Japanese automaker Mazda Motor Corporation has revealed a cybersecurity incident that exposed personal details belonging to hundreds of employees and business partners.

According to the company, the breach was detected in mid-December and involved unauthorized entry into a management system used to handle warehouse operations tied to parts sourced from Thailand.

The compromised data includes information linked to Mazda staff, affiliated group employees, and external partners. In total, 692 records were affected, based on an official incident notice released by the company.

Mazda stated that the exposed records contain company-issued user IDs, names, email addresses, company affiliations, and partner identification numbers.

The automaker emphasized that no customer data was involved, noting that such information is not stored in the affected system, and therefore could not have been impacted.

The company also explained that attackers gained access by taking advantage of security gaps within the application. However, it did not disclose the specific software involved or the exact vulnerabilities that were used.

Mazda said the breach was traced back to unauthorized third-party access through exploited system weaknesses tied to its business operations platform.

Following the incident, Mazda reported the breach to the appropriate authorities, quickly applied securty updates, tightened access controls, improved monitoring, and limited internet connectivity to reduce further risk.

“At this time, no secondary damage has been confirmed. However, there remains a chance that the exposed personal data could be misused later, for example in phishing attempts or spam messages. If you recieve any suspicious communications, please stay alert,” the company said.

In response to media questions, a Mazda representative declined to provide additional details about the affected system but indicated that the incident does not appear to be connected to the previously reported Oracle EBS breach.

The spokesperson also said the attack has not been linked to any specific threat group so far, adding that the investigation is ongoing and that there has been no direct contact from the attackers.