The breach, which occurred through an outsourced service provider, represents one of the most substantial data security failures in the company’s recent history and has prompted immediate action including contract termination and police consultation.
The security incident involved the potential leak of 137,156 pieces of personal information from both SoftBank and Y! Mobile subscribers.
The compromised data included sensitive customer details such as full names, residential addresses, and phone numbers of affected users.
However, the company has confirmed that more sensitive financial information, including credit card numbers and bank account details, were not included in the breach.
The scale of the incident makes it particularly concerning for Japan’s telecommunications sector, where data protection standards are rigorously enforced.
SoftBank’s customer base spans millions of users across Japan, making this breach affect a significant portion of their subscriber network.
The exposure of personal contact information raises immediate concerns about potential misuse, including targeted phishing attempts, identity theft, and unauthorized marketing communications.
The discovery of this breach came to light following a report from an unidentified third party in March 2025, which prompted SoftBank to launch a comprehensive internal investigation.
This external notification suggests that the breach may have gone undetected by SoftBank’s internal security monitoring systems, raising questions about the effectiveness of their oversight mechanisms for third-party data handling.
The root cause of the data exposure has been traced to UF Japan, a company that had been contracted by SoftBank to handle various outsourced operations involving customer data processing.
According to SoftBank’s investigation findings, the outsourcing partner demonstrated severely inadequate security protocols, particularly regarding physical access controls to areas where sensitive personal information was processed and stored.
The most alarming aspect of the security failure was the poor management of entry and exit procedures for floors designated for personal information handling.
This lax security environment allegedly enabled a former employee of another partner company to gain unauthorized access to the premises.
The unauthorized individual is suspected of illegally entering the facility and extracting personal information sometime in December 2024, suggesting the breach may have remained undetected for several months.
Furthermore, the investigation revealed that personal information was made accessible to individuals who had no legitimate business need for such data access.
This violation of the principle of least privilege indicates systemic security management failures that extended beyond simple physical security lapses to encompass broader data governance issues within the outsourcing arrangement.
In response to this significant security incident, SoftBank has taken immediate and decisive action by terminating its contractual relationship with UF Japan.
The telecommunications company has also initiated consultations with law enforcement authorities to explore potential criminal charges and determine appropriate legal responses to the incident.
According to Report, SoftBank’s official statement emphasized their commitment to treating this incident with the utmost seriousness.
The company has acknowledged the gravity of the situation and pledged to implement enhanced management protocols for all outsourcing partners that handle personal information.
These strengthened measures are designed to prevent similar incidents from occurring in the future and restore customer confidence in their data protection capabilities.
Moving forward, SoftBank faces the challenge of rebuilding trust with affected customers while implementing more robust third-party risk management frameworks to ensure the security of customer data across their entire supply chain network.
Find this Story Interesting! Follow us on LinkedIn and X to Get More Instant Updates.
The post SoftBank Data Breach: Personal Information of 137,000 Users Exposed Through Third-Party Service Provider appeared first on Cyber Security News.
Nintendo has announced a major new Switch 2 feature that improves the performance of most…
The second Magic: The Gathering set of 2026 is here, and it’s Turtle Time! The…
2024 was a solid year for Magic: The Gathering, but in all the excitement over…
Magic: The Gathering has kicked off its newest Teenage Mutant Ninja Turtles set, but Lorwyn…
Amazon has officially announced its Big Spring Sale (which is set to run this year…
Magic: The Gathering’s Universes Beyond lineup of crossovers is becoming more prevalent in 2026, but…
This website uses cookies.