Kubota, a major agricultural machinery manufacturer, recently reported a security breach within its credit sales group.
As a result, around 60,000 personal information records were compromised. This breach was connected to Kubota Credit, a credit sales company within the group, and involved data managed by the contractor Iseto.
Kubota reported that a breach occurred on May 26th, when ransomware infected the servers and computers at Iseto, located in Nakagyo Ward, Kyoto City.
Iseto handles the printing and shipping of statements for Kubota Credit. At first, there were reports stating that no data had been leaked.
However, Iseto confirmed on June 27th that the leaked data did contain personal information of Kubota Credit users.
The data that was compromised consists of the printing data for Kubota Credit's statements and invoices from September 2022.
More precisely, it included the personal details, such as names, addresses, statements, and withdrawal account information, of 61,424 individuals and corporations.
It is worth noting that this data was not linked to Kubota's primary system, and only the printing information was compromised, with no other types of data being exposed.
Kubota has made it clear that they instructed Iseto to delete any information provided for business purposes right after the work was done. It's still not clear why the data from 2022 wasn't deleted according to these instructions.
Kubota has set up a consultation desk to provide assistance to those who have been affected by the incident.
If you happen to come across any email that seem suspicious or unfamiliar, it is highly recommended to get in touch with the police.
In addition, Kubota Credit's Customer Service Desk is also here to help address any concerns and provide support to those affected by the breach.
Customer Service Desk for Kubota Credit:
Kubota is actively working to resolve this security issue and implement measures to prevent it from happening again in the future.
The company is collaborating with Iseto to investigate the reasons behind the failure to delete the 2022 data as mandated and to enhance adherence to data management protocols going forward.