ActiveLow impactAI Refreshed

KDDI Mail System Breach Exposes Up to 14.22 Million Email Addresses and Passwords

Detected 23 Jun 2026Occurrence date not yet established -- showing first detection by the desk.·
🇯🇵 Japan (KDDI corporate operations)4 reports
CyberCyberCasualty & Liability

KDDI disclosed unauthorized access to its business-partner email system potentially exposing up to 14.22 million email addresses and passwords, with the company urging affected users to change passwords. Corroborating reporting describes the incident as a shared-infrastructure flaw impacting approximately six Japanese ISPs including KDDI affiliates and Chubu Telecommunications, with Japan's Personal Information Protection Commission now referenced as investigating. No quantified insured loss, ransomware activity, operational outage, or regulator enforcement action has been reported; potential_impact remains low pending further evidence of a London Market loss pathway.

AI-generated from linked source reports. See our correction policy.

Impact verdict

Low impact. Loss pathway: A confirmed unauthorized access at a major Japanese telecom carrier's business-partner email system, potentially exposing up to 14.22 million credential records, is a material cyber privacy/liability event with direct Cyber exposure and plausible Casualty & Liability exposure via APPI regulatory engagement. Severity is supported by the 14.22M-record scale, KDDI's status as a large publicly listed carrier, and corroborating reporting that flags a shared-infrastructure flaw across ~6 Japanese ISPs and active involvement of the Personal Information Protection Commission. Severity is capped at LOW by absence of: a quantified loss estimate, confirmed additional PII beyond credentials, ransomware or operational disruption, regulator enforcement, or cyber-market repricing signals. Per the London Market impact gate, no concrete London Market loss pathway (named-insured asset damage, closure, vessel/cargo loss, sanctions asset action, claims/loss estimate, or market pricing impact) is yet evidenced; potential_impact remains low.

View assessment methodology

Premium discovery tier

Unlock analyst briefs, intelligence depth, and the revision timeline

Public pages show event facts and a short lead-in. Premium accounts unlock analyst briefs, deeper intelligence, loss context, and the full revision history for this event.

Start two-week trial

Geographic Zone Matches

1 active match

  • Pacific Ring of Fire
    Rule-basedConfidence 100%

Geographic zone matches are RiskEvents spatial/analytical indicators, not coverage determinations or Lloyd's official classifications.

Affected countries

🇯🇵 Japan

Lloyd's classifications

Tracking this kind of risk? Get an email when Cyber events escalate.

Get alerts