Tuesday, December 23, 2025
The growing impact of ransomware: Important security news for October 2025

Table of contents

  • 01. Major malware and unauthorized access incidents
  • 02. Other government and industry trends
  • 03. Lastly

In October 2025, various security incidents were reported, including unauthorized access due to misconfiguration of cloud environments and the theft of information by former employees. Among these, ransomware attacks caused a series of business interruptions, severely impacting corporate activities. This article summarizes the major incidents reported in October, as well as government and industry trends, and provides information useful for future security measures.

Major malware and unauthorized access incidents

■ Ransomware attacks

[Update] Major Beverage Manufacturing Group: System Failure and Possible Personal Information Leak due to Ransomware Attack

On September 29, 2025, a major beverage manufacturing group was hit by a ransomware attack, causing a system outage. This has disrupted various operations, including order acceptance and shipping, at domestic group companies. The attack affected only systems within Japan, and no damage to overseas systems has been confirmed. Furthermore, investigations have confirmed that personal information may have been illegally transferred, and measures are being taken against those in possession of the relevant information. [1]

Retail: Ransomware attack halts online orders

In October 2025, the website of a company selling office supplies was hit by a ransomware attack, completely halting order acceptance and shipping. Other services, such as new member registration and email delivery, were also halted. Furthermore, an investigation into whether any information was leaked is still ongoing. [2]

Retail industry: Possibility of credit card information being leaked due to unauthorized access

In August 2024, unauthorized access by a third party was discovered on a retailer’s e-commerce website. As a result, it was confirmed that the credit card information of 12,630 customers who used the e-commerce website between March 2021 and August 2024 may have been leaked. The potentially leaked information included cardholder names, card numbers, expiration dates, security codes, email addresses, passwords, and phone numbers. The company explained that it delayed the announcement because it felt announcing the information at an uncertain stage could cause confusion. It then stated that it decided to make the announcement after confirming the results of the investigation and coordinating with the card companies. The old website has now been closed, and a new website with enhanced security was launched in November 2024. The company is currently working to implement PCI DSS-compliant operations and strengthen monitoring to prevent recurrence. [3]

■ Cloud environment incidents

Delivery service industry: Possibility of personal information leakage due to disclosure of cloud server access keys

It was discovered that the access keys for the cloud server of a company operating a subscription delivery service were publicly available for approximately one year and seven months, from January 2024 to August 2025. As a result, third parties were reportedly able to access the server. The potentially leaked information totaled 20,776 items, including membership information, address information, and order information such as delivery addresses for some individual and corporate customers, as well as names of contact persons, delivery addresses, and contact information for corporate business partners. The company has disabled the access keys, updated authentication information, and revised its auditing functions. [4]

Information services industry: Possibility of personal information leakage due to incorrect access permission settings in cloud environments

On September 2, 2025, an information services company discovered a mistake in the access permissions settings in the cloud environment used to manage employees’ PCs and mobile phones (company-issued devices), allowing third parties to access the information. Potentially leaked information included the names, employee numbers, job titles, departments, and email addresses of employees, temporary workers, and contractors. At this time, no evidence of unauthorized access by third parties has been found, and the company corrected the access permissions on the same day the problem was discovered, completing the response. [5]

Information services industry: Unauthorized access at an AI-OCR tool provider

On September 25, 2025, it was discovered that an AI-OCR service provided by an information service provider had been illegally accessed by a third party. On October 15, subsequent investigations revealed that personal information may have been leaked. [6]

■ Other incidents

Real estate management industry: Possibility of personal information leak due to unauthorized access

On July 28, 2025, a real estate management company received a report from an investigative agency that files believed to contain personal information were being sold on a dark web site. The investigation into the incident confirmed unauthorized access to the server and information leaks. It was discovered that the attacker had illegally obtained a file containing the administrator password and used that password to gain unauthorized access. The leaked information is said to include approximately 1,900 pieces of data entered into an inquiry form and approximately 4,200 contract list files. [7]

Logistics service industry: Former employee illegally takes business partner information

On October 14, 2025, it was discovered that a former employee of a branch office of a major logistics company had illegally taken information about local business partners and leaked it to two companies. The information taken amounted to approximately 26,790 items, including company names, addresses, and invoice amounts. Of these, 750 included personal names, and 324 included the names of current and former employees. To date, only one case of unauthorized use has been confirmed. [8]

Logistics services industry: Unauthorized logins due to password list attacks

On October 15, 2025, it was discovered that a third party had illegally logged into “My Page,” a membership service operated by a major logistics company, using a fraudulently obtained ID and password. There has been no confirmed leakage of credit card or bank account information at this time. The company has identified and blocked the IP address from which the unauthorized access occurred and notified affected members individually. The company is also strengthening measures to prevent recurrence, such as encouraging members to change their passwords and enable two-factor authentication. [9]

Other government and industry trends

IPA Announces Registration Status of JVN iPedia, a Vulnerability Countermeasure Information Database, for the Third Quarter of 2025

The Information-Technology Promotion Agency (IPA) has released the vulnerability countermeasure information registration status for the third quarter of 2025 (July 1 to September 30, 2025) in its vulnerability countermeasure information database, JVN iPedia. The number of vulnerabilities registered in the Japanese version of JVN iPedia during the quarter was 10,869, bringing the cumulative total number of vulnerabilities registered since JVN iPedia’s launch on April 25, 2007, to 253,767. [10]

 
