Mazda Motor Corporation (Mazda) announced that information belonging to its employees and business partners had been exposed in a security incident detected last December.

Mazda is one of Japan’s largest automotive manufacturers, with an annual production of 1.2 million vehicles and revenue of nearly $24 billion.

The company said the attackers exploited a vulnerability in a system related to warehouse management for parts procured from Thailand. The system did not contain any customer data. Also, the breach is limited to 692 records.

“Mazda Motor Corporation has identified traces of unauthorized external access to a management system used for warehouse operations related to parts procured from Thailand,” reads Mazda’s announcement.

“Following this discovery, the Company promptly reported the matter to the Personal Information Protection Commission – an external bureau of the Japanese Cabinet Office – and implemented appropriate security measures and conducted an investigation in cooperation with an external specialist organization.”

The investigation revealed that the potentially exposed information includes the following data types:

• User IDs
• Full names
• Email addresses
• Company names
• Business partner IDs

Although Mazda says it has detected no misuse of that information, the company recommends that impacted individuals remain vigilant because the risk of phishing attacks and scams targeting them is significant.

Apart from notifying the authorities, Mazda also implemented additional security measures on its IT systems, including reducing internet exposure, applying security patches, increasing monitoring for suspicious activity, and introducing stricter access policies.

At the time of writing, no ransomware group has publicly claimed the attack on the Japanese company.

BleepingComputer has contacted Mazda to learn more about the incident, and we will update this post with an official response as soon as it reaches us.

Although a data breach was never officially confirmed by Mazda, the Clop ransomware group in November 2025 posted Mazda.com and MazdaUSA.com on its data leaks site, claiming it compromised both the Japanese automaker and its U.S. subsidiary.