NTT Communications warns nearly 18,000 corporate customers of data breach

Japanese telecommunications giant NTT Communications Corporation (NTT) has alerted nearly 18,000 corporate clients to a cybersecurity breach that exposed sensitive customer information. The incident, discovered in early February 2025, targeted the company’s Order Information Distribution System, which stored data related to corporate contracts.

NTT first detected unauthorized access to its systems on February 5, 2025, and by February 6, it confirmed that some information had been leaked externally. The compromised data includes customer names, contract representatives’ names, contact numbers, phone numbers, email addresses, physical addresses, and details regarding service usage. However, the company assured that contracts for corporate smartphones and mobile services provided by NTT Docomo remained unaffected.

In response to the breach, NTT promptly blocked the attackers’ access to its systems by February 6. However, a subsequent investigation on February 15 revealed that the cybercriminals had pivoted to another network device within NTT’s infrastructure. The company swiftly disconnected this compromised device, and officials are now confident that the threat has been fully contained.

Unlike many companies that directly notify affected customers, NTT has decided against sending personalized alerts. Instead, it has issued a public announcement on its website, serving as the sole notification regarding the breach.

This incident marks yet another cybersecurity challenge for NTT, which cybercriminals have previously targeted. On January 2, 2025, the company suffered a 12-hour service disruption on its mobile and payment platforms due to a large-scale distributed denial-of-service (DDoS) attack. In May 2020, hackers also infiltrated NTT’s internal network and stole sensitive information from hundreds of customers.