In April 2025, Internet Initiative Japan Inc. (IIJ), a prominent provider of enterprise email security services, disclosed a significant security breach affecting its “Secure MX Service.” This incident has raised concerns about the security of cloud-based email services and the potential risks associated with third-party providers.

Background of IIJ Secure MX Service

IIJ’s Secure MX Service is designed to offer robust email security solutions, including spam filtering, virus protection, and compliance features. It serves a wide range of corporate clients, providing essential communication infrastructure.

Details of the Breach

The breach was identified on April 10, 2025, but unauthorized access had been occurring since August 3, 2024. During this period, attackers executed unauthorized programs within the service infrastructure, leading to potential exposure of sensitive information.

Scope of the Impact

The breach potentially affected up to 6,493 contracts, encompassing approximately 4,072,650 email accounts. The compromised data includes:

• Email account credentials (usernames and passwords)

• Contents and headers of sent and received emails

• Authentication information for third-party cloud services integrated with the Secure MX Service

Notably, even clients who had terminated their contracts before August 3, 2024, might have been impacted, as their data remained within the system.

Response and Mitigation Efforts

Upon discovering the breach, IIJ promptly identified and isolated the unauthorized access points. The company has since restored the service to a secure operational state and continues to investigate the root causes and full extent of the breach. Affected clients have been individually notified, and IIJ has established dedicated channels for inquiries and support.

The Escalating Cyber Threat Landscape in Japan

Cyberattacks are increasingly targeting organizations across Japan, regardless of size or industry. Recent incidents have highlighted the growing scale and sophistication of these threats:

• April 2025 – IIJ Email Service Breach: A cyberattack on IIJ’s Secure MX Service exposed over 4 million corporate email accounts, demonstrating that even leading service providers are vulnerable to breaches.

• June 2024 – Kadokawa Ransomware Attack: Kadokawa Corporation and its video platform Niconico suffered a ransomware attack by the Russian-linked group BlackSuit, affecting over 254,000 users and disrupting operations. This incident underscored vulnerabilities in Japan’s cyber infrastructure and resulted in significant financial losses and reputational damage.

• February 2022 – Toyota Supply-Chain Hack: A cyberattack on a supplier forced Toyota to suspend production at 14 domestic factories. Attackers infiltrated a third-party partner to access Toyota’s network, highlighting how supply chain vulnerabilities can disrupt even the most robust manufacturing operations.

These examples illustrate that no sector is immune—be it IT services, media, or manufacturing—and the ripple effects of an attack can be severe. According to Japan’s National Police Agency, 222 ransomware incidents were reported in 2024, an increase from the previous year. Nearly half of these cases took over a month to resolve, with victim companies incurring costs exceeding ¥10 million on average. Alarmingly, less than 20% of affected businesses had effective business continuity plans in place.

Compounding the challenge is a shortage of skilled cybersecurity professionals. Japan faces an estimated deficit of 110,000 security experts to meet current needs—the largest talent gap in Asia, which continues to grow annually. This shortage means organizations cannot rely solely on staffing to address threats. Instead, they must leverage strategic approaches, automation, and trusted partnerships to bolster their defenses.

Implications for Businesses

This incident underscores the critical importance of:

• Regularly updating and patching systems to prevent exploitation of known vulnerabilities

• Implementing comprehensive monitoring to detect unauthorized activities promptly

• Conducting thorough assessments of third-party service providers’ security measures

• Ensuring data minimization practices, especially concerning data retention post-contract termination

Rescana Is Here for You

In light of such incidents, it’s imperative for businesses to reassess their cybersecurity strategies. Rescana offers advanced solutions in External Attack Surface Management (EASM) and Third-Party Risk Management (TPRM) to help organizations identify vulnerabilities, monitor third-party risks, and enhance overall security posture. Our expertise ensures that your business is equipped to prevent, detect, and respond to cyber threats effectively.

For more information on how Rescana can assist in strengthening your cybersecurity framework, please contact us.

References

1. IIJ Press Release on Secure MX Service Breach:

   https://www.iij.ad.jp/en/news/pressrelease/2025/0415.html

2. Kadokawa and Niconico Cyberattack:

   https://en.wikipedia.org/wiki/2024_cyberattack_on_Kadokawa_and_Niconico

3. Toyota Supply Chain Cyberattack:

   https://www.theverge.com/2022/2/28/22954688/toyota-cyberattack-factory-shut-down-cars-output

4. National Police Agency Ransomware Statistics:

   https://sp.m.jiji.com/english/show/38861

5. Japan’s Cybersecurity Talent Gap:

   https://nihoncyberdefence.co.jp/en/japans-growing-cyber-security-talent-gap-and-its-impacts/