Mazda 2025 Employee and Partner Data Breach

Mazda Motor Corporation, a global automotive manufacturer, experienced a security breach involving unauthorized access to a third-party file transfer service used by the company. The incident was detected in December 2025, with public disclosure occurring in March 2026, representing a three-month gap between discovery and notification. The breach exposed sensitive information belonging to Mazda employees and business partners, though specific record counts or affected system details were not quantified in the announcement.

The attack chain involved compromise of a third-party file transfer service utilized by Mazda for business operations, representing a supply chain attack vector. Attackers gained unauthorized access to this external service, enabling exfiltration of employee personal information and partner company data. The specific exploitation technique and infrastructure details were not disclosed, and no threat actor attribution was provided in the breach notification.

Mazda has initiated breach notification procedures to affected employees and business partners following the March 2026 disclosure. The company confirmed it is working with external cybersecurity experts to investigate the incident and implement additional security measures, though specific containment milestones or regulatory actions were not detailed in the initial announcement.