
Nikkei data breach exposes personal data of over 17,000 staff

Hackers used stolen login details from an employee's computer to access the Japanese media giant’s Slack messaging platform, with names, e-mail addresses, and chat histories potentially exposed

Japanese publishing giant Nikkei has confirmed a major data breach that potentially exposed the personal information of more than 17,000 employees and business partners after hackers infiltrated its internal Slack messaging platform.

The Tokyo-based media group, one of the world’s largest media organisations and known for its flagship daily newspaper, The Nikkei, said the attackers gained unauthorised access by stealing login credentials from an employee’s malware-infected personal computer.

The compromised data could include names, email addresses, and chat histories for 17,368 individuals registered in the internal workspace. Nikkei uses the popular collaboration tool for some of its operations, but it did not specify which departments or subsidiaries were affected by the breach.

In a statement, the company said it takes the incident – which was discovered in September 2025 – seriously and will further strengthen personal information management to prevent any recurrences. It added that there was no leakage of information related to journalistic sources or reporting, and that it has implemented security measures, such as mandating password resets.

While Nikkei said the data exposed in the breach is not covered by Japan’s Personal Information Protection Law, it voluntarily notified the country’s Personal Information Protection Commission, citing the incident’s significance and the need to ensure transparency.

This is not the first cyber security incident for the group. In May 2022, its Singapore subsidiary was hit by a ransomware attack affecting a server that may have contained customer data. Before that, in September 2019, its US arm, Nikkei America, lost $29m in a business e-mail compromise attack.

Cyber security experts said the latest breach underscores the risks of hybrid work arrangements, where employees may use personal devices to access corporate networks.

“This incident highlights the growing reality that security is tethered to the users’ endpoints,” said Andy Ward, senior vice-president for international at Absolute Security.

“In this case, the root cause was the compromise of an unmanaged, personal device. When employees use non-enterprise-managed endpoints to access corporate resources, organisations lose visibility and control, creating a blind spot that attackers are quick to exploit,” he added.

Ward urged enterprises to enforce strict access controls and ensure they can monitor and secure every device connecting to company data, especially with the overlap of personal and professional use in today's work environment.

Max Heinemeyer, global field chief information security officer (CISO) at cyber security specialist Darktrace, had warned about security challenges with software as a service (SaaS) applications in a recent interview with Computer Weekly.

He noted that while the SaaS model makes it easier to consume IT, and people tend to trust the security efforts of SaaS suppliers, there have been cases where vulnerabilities don’t get picked up until it’s too late.

“Somebody’s in your environment, they’ve been poking around, and they might have exported data. There is a distinct gap between consuming and feeling safe and actually putting proper protections in place,” he said, adding that these include not only best practices around passwords, multifactor authentication, and passkeys but also watching for unusual activity.

An example would be a Microsoft 365 account login from a country where the company has no presence, especially if the user behaves atypically by changing email rules and creating new folders.

“You’ve got to do the checks and balances and not just try to design it as securely as you can,” said Jarvis. “You can’t protect what you can’t see, so it all starts with getting visibility.”
