TOKYO, JAPAN, March 5, 2025 — NTT Communications Corporation (NTT Com), announced today that on February 5th, it determined that unauthorized access to its systems had occurred. On the following day, the company established that certain information may have been leaked.

Following an internal investigation, we determined there was a possibility that some data stored within our internal Order Information Distribution System, which manages and distributes information related to service orders and changes for corporate customers, had been leaked. No information related to services provided to individual customers was leaked.

In response, on February 5th, we promptly initiated preliminary security measures. On February 15th, we implemented additional measures to isolate the device that had been subject to the unauthorized access.

We are currently in the process of contacting customers whose order data may have been accessible as a result of this unauthorized access. At this time, there is no evidence of any unauthorized usage of such information. We sincerely apologize for any inconvenience and concern this may cause to our customers and to any other concerned parties.

1.Discovery of Unauthorized Access and Measures Taken

On February 5th, our Information Security Department identified a suspicious log in a communication to the device A within our internal Order Information Distribution System (see diagram below). Immediately upon detection, we implemented preliminary measures to restrict access to the device within the system.

We subsequently commenced a detailed investigation, analyzing the communication logs between the device in question and adjacent systems, as a result of which on February 6th we discovered that certain information might have been leaked from the Order Information Distribution System.

Continuing our investigation, we confirmed on February 15th that unauthorized access had occurred with the device B (see diagram below). In response, this device was promptly disconnected from the internal network.

Summary diagram

2.Customer Impact

At this time, we believe the information listed below may have been potentially leaked. Customers who might have been affected are being notified individually by our sales representatives or via letters in sealed envelopes. Please note we will not be sending any information regarding this matter via email.

• Number of customers whose information may have been leaked: 17,891
• Affected services: services provided to certain corporate customers (corporate cellphone and smartphone subscriptions with NTT DOCOMO were not affected).
• Information potentially leaked: contract numbers, the customer name shown on the contract, customer contact names, telephone numbers, e-mail addresses, postal addresses, and information related to the use of services.

3.Future Measures

To prevent any recurrence, we are enhancing all appropriate security measures and monitoring systems. Should any new relevant information become available, we will disclose it promptly. However, we appreciate your understanding that, in order to protect customer confidentiality, we will refrain from disclosing any information regarding individual customers.