Kubota North America Discloses Month-Long Network Breach, Employee Data Exposed
**Kubota North America Corporation** has revealed a significant cybersecurity incident where attackers maintained access to parts of its network for over a month. The breach, spanning from mid-March to late April, resulted in the exposure of extensive personal information belonging to employees and their dependents. The industrial giant is now notifying affected individuals and providing identity protection services.
Japanese industrial manufacturer **Kubota**, renowned globally for its agricultural and construction equipment, has confirmed a serious security breach impacting its North American operations.
The company's investigation determined that an unauthorized actor accessed network systems between March 16 and April 20 of this year.
### Extensive Data Compromise
The prolonged access allowed the threat actor to exfiltrate a wide array of sensitive personal data. According to an announcement on the **Kubota USA** website, the exposed information for employees and their dependents may include:
* Full names
* Social Security numbers
* Dates of birth
* Taxpayer IDs
* Driver's license or other government identification numbers
* Direct deposit bank account information
* Corporate payment card information
* Benefits enrollment and limited claims data
### Notification and Mitigation Efforts
**Kubota** began sending personalized notifications to affected individuals via email on June 30. These communications detail the specific types of data exposed for each recipient and provide instructions for enrolling in **Kroll** identity protection services.
Victims are strongly advised to monitor their bank accounts, healthcare-related statements, and report any suspicious activity immediately to authorities.
### Post-Incident Measures and Ongoing Investigation
While **Kubota** has stated it implemented additional security measures to prevent future incidents, the company has not disclosed further details regarding the nature of the attack or the identity of the perpetrators. At the time of writing, no ransomware groups or data extortion syndicates have claimed responsibility for the breach.
Crucially, **Kubota** reported no operational or business disruptions as a direct result of this cybersecurity incident.