The breach, which occurred through an outsourced service provider, represents one of the most substantial data security failures in the company’s recent history and has prompted immediate action including contract termination and police consultation.
The security incident involved the potential leak of 137,156 pieces of personal information from both SoftBank and Y! Mobile subscribers.
The compromised data included sensitive customer details such as full names, residential addresses, and phone numbers of affected users.
However, the company has confirmed that more sensitive financial information, including credit card numbers and bank account details, were not included in the breach.
The scale of the incident makes it particularly concerning for Japan’s telecommunications sector, where data protection standards are rigorously enforced.
SoftBank’s customer base spans millions of users across Japan, making this breach affect a significant portion of their subscriber network.
The exposure of personal contact information raises immediate concerns about potential misuse, including targeted phishing attempts, identity theft, and unauthorized marketing communications.
The discovery of this breach came to light following a report from an unidentified third party in March 2025, which prompted SoftBank to launch a comprehensive internal investigation.
This external notification suggests that the breach may have gone undetected by SoftBank’s internal security monitoring systems, raising questions about the effectiveness of their oversight mechanisms for third-party data handling.
The root cause of the data exposure has been traced to UF Japan, a company that had been contracted by SoftBank to handle various outsourced operations involving customer data processing.
According to SoftBank’s investigation findings, the outsourcing partner demonstrated severely inadequate security protocols, particularly regarding physical access controls to areas where sensitive personal information was processed and stored.
The most alarming aspect of the security failure was the poor management of entry and exit procedures for floors designated for personal information handling.
This lax security environment allegedly enabled a former employee of another partner company to gain unauthorized access to the premises.
The unauthorized individual is suspected of illegally entering the facility and extracting personal information sometime in December 2024, suggesting the breach may have remained undetected for several months.
Furthermore, the investigation revealed that personal information was made accessible to individuals who had no legitimate business need for such data access.
This violation of the principle of least privilege indicates systemic security management failures that extended beyond simple physical security lapses to encompass broader data governance issues within the outsourcing arrangement.
In response to this significant security incident, SoftBank has taken immediate and decisive action by terminating its contractual relationship with UF Japan.
The telecommunications company has also initiated consultations with law enforcement authorities to explore potential criminal charges and determine appropriate legal responses to the incident.
According to Report, SoftBank’s official statement emphasized their commitment to treating this incident with the utmost seriousness.
The company has acknowledged the gravity of the situation and pledged to implement enhanced management protocols for all outsourcing partners that handle personal information.
These strengthened measures are designed to prevent similar incidents from occurring in the future and restore customer confidence in their data protection capabilities.
Moving forward, SoftBank faces the challenge of rebuilding trust with affected customers while implementing more robust third-party risk management frameworks to ensure the security of customer data across their entire supply chain network.
Find this Story Interesting! Follow us on LinkedIn and X to Get More Instant Updates.
The post SoftBank Data Breach: Personal Information of 137,000 Users Exposed Through Third-Party Service Provider appeared first on Cyber Security News.
2019’s Ready or Not was a breath of fresh air: a simple, savage game of…
The fact that Slay the Spire 2's Early Access debut plays so similarly to the…
In honor and support of Women’s History Month, state Rep. Joanna McClinton, the first woman…
The Live Nation-Ticketmaster trial is back on. Dozens of states are expected to move forward…
Less slop please. | Image: Spotify Spotify Premium users in New Zealand will be the…
MACHESNEY PARK, Ill. (WTVO) — Students in Harlem High School's welding program are learning about…
This website uses cookies.