NYK has disclosed that an external party unlawfully accessed a marine fuel procurement system, with some information — including personal data — potentially extracted during the incident.
The breach was identified on March 24, 2026, after which the company took the system offline and launched an internal investigation.
The platform was brought back into operation on March 27, with notifications submitted to Japan’s data protection regulator and law enforcement authorities. NYK noted there are no signs of ransomware involvement or any monetary demands linked to the case.
Data that may have been exposed includes names, company affiliations, phone numbers and email addresses relating to current and former employees, as well as personnel from business partners. NYK added that no misuse or follow-on impact has been detected at this stage.
