Cyber Incident Victim: Nippon Telegraph & Telephone
Date:
Feb 2025
Location:
Japan
Summary
NTT Communications detected unauthorized access to its internal Order Information Distribution System, initially identifying suspicious activity in communications to a compromised device and later discovering a second affected device. The incident potentially exposed corporate customer data—including contract details, contact information, and service usage records—from nearly 18,000 business clients, though individual customer data remained unaffected. Immediate containment measures restricted access to the breached devices, and no evidence of data misuse has been confirmed. The company is directly notifying impacted organizations while reinforcing security protocols to prevent recurrence.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
On February 5, 2025, NTT Communications Corporation detected suspicious communication logs in Device A of its internal Order Information Distribution System, which manages corporate customer service launch and modification data. The Information Security Department implemented immediate containment measures that same day by restricting access to Device A. Subsequent log analysis confirmed by February 6 that unauthorized actors potentially exfiltrated corporate customer service information from this system. The investigation expanded to surrounding infrastructure, leading to the discovery on February 15 of additional compromise in Device B within the internal network, which was promptly isolated from corporate systems. No evidence indicated individual consumer data exposure, with the breach confined to enterprise client records in the targeted order management platform.

The incident potentially exposed contract details, customer names, contact personnel information, phone numbers, email addresses, physical addresses, and service usage data for 17,891 corporate accounts. NTT Communications initiated direct notifications through sales representatives and postal correspondence to affected organizations, explicitly avoiding electronic notifications to prevent phishing risks. Monitoring confirmed no fraudulent use of compromised data as of the disclosure date. The company established a dedicated hotline for customer inquiries while maintaining confidentiality regarding individual case specifics. Security enhancements focused on network monitoring improvements and access control reinforcement, with no additional compromised systems identified beyond Devices A and B during the investigation period.
