Japanese telecommunications giant NTT Communications (NTT Com) confirmed a significant security breach affecting nearly 18,000 corporate clients. The incident, which occurred in February, involved unauthorized access to internal systems used for managing service orders, potentially compromising sensitive data of countless individuals across global enterprises.
Scope of the Data Exposure
The breach impacts 17,891 organizations that rely on NTT Com for network and telephony services. According to the company, the stolen information includes:
- Customer names and contract identifiers
- Phone numbers and email addresses
- Physical business addresses
- Service usage logs and technical data
While NTT Com serves over 100,000 corporate clients in 70 countries, as noted on their official website, the company has yet to disclose the specific identities of the affected firms or the precise number of individual employees impacted by the leak.
Timeline of the Security Failure
NTT Com first identified the unauthorized entry into its systems on February 5. Initial containment efforts involved restricting access to the compromised device. However, the situation escalated on February 15 when the company discovered that attackers had successfully pivoted to a second device within the internal network. This device was subsequently disconnected to prevent further exposure.
The Rising Threat to Telecom Infrastructure
The origin and specific methodology of the attackers remain under investigation. As of now, no major ransomware syndicates have claimed responsibility for the intrusion.
This incident underscores a growing trend of cyberattacks targeting telecommunications infrastructure. Nation-state actors and sophisticated cybercriminal groups frequently view these providers as high-value targets due to the vast amounts of sensitive communication records they store. Recent history highlights this vulnerability, most notably with the “Salt Typhoon” group, which gained access to private communications of high-ranking U.S. government officials by infiltrating major U.S. phone and internet providers.
For organizations, these breaches serve as a critical reminder of the risks associated with centralized data management, as attackers continue to leverage stolen phone and service records to facilitate broader, more devastating cyber campaigns.