A significant cybersecurity breach has been reported by KDDI, one of Japan's largest telecommunications companies, exposing over 12.2 million customer email addresses and 7.6 million passwords. This breach targeted an email platform operated for five Japanese internet service providers, impacting systems used for managing customer email accounts, webmail services, and email storage. KDDI initially disclosed the unauthorized access in June, but the full extent was confirmed after a detailed forensic investigation and a report submission to Japan's communications ministry. The attackers exploited a vulnerability in third-party software used by the email platform. In response, KDDI patched the flaw and modified the system immediately after detecting the intrusion. Importantly, there was no evidence that other systems were compromised. The company's consumer email services for mobile and fixed-line internet customers remain unaffected. Following the breach, many regular users have changed their passwords, and affected internet service providers are enforcing mandatory password resets. KDDI is actively analyzing the breach's scope and working with ISP operators to prevent future occurrences. This incident is part of a broader trend of cyber incidents affecting major Japanese companies recently, including Aflac Japan, Nidec, and Sapporo Holdings. Meanwhile, a separate cyber incident in Tokyo led to the arrest of a 15-year-old for exploiting server vulnerabilities at Bandai Channel.