Tenga Reports Data Breach After Employee Email Compromise in June 2026
Japanese sex toy manufacturer Tenga disclosed a data security breach in June 2026, resulting from unauthorized access to an employee’s professional email account. The attacker gained entry to the inbox, exposing customers’ names, email addresses, and correspondence history including order details and support requests due to the sensitive nature of the products involved.
While Tenga did not confirm the total number of affected individuals, the company has shipped over 162 million products globally. The breach appears to have targeted Tenga Store USA, though it remains unclear whether customers outside the U.S. were impacted.
In response, Tenga reset the compromised employee’s credentials and implemented multi-factor authentication (MFA) across its systems. The company did not disclose whether MFA was in place prior to the incident. Customers were advised to update passwords and remain cautious of suspicious emails linked to the breach.
Founded in 2005 and headquartered in Tokyo, Tenga joins a growing list of adult-content and sex toy companies targeted by cyberattacks, including Lovesense (2025), Pornhub, and SexPanther (2020). The breach was first reported by a technology publication covering cybersecurity and privacy.
Source: https://mezha.net/eng/bukvy/tenga-reports-data-breach-exposing-customer-information/
Tenga TPRM report: https://www.rankiteo.com/company/tenga-usa
"id": "ten1771022034",
"linkid": "tenga-usa",
"type": "Breach",
"date": "2/2026",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"{'affected_entities': [{'customers_affected': 'Unknown (potentially Tenga '
'Store USA customers)',
'industry': 'Adult Products (Sex Toys)',
'location': 'Tokyo, Japan',
'name': 'Tenga',
'size': 'Global (162 million products shipped)',
'type': 'Company'}],
'attack_vector': 'Email Compromise',
'customer_advisories': 'Update passwords, remain cautious of suspicious '
'emails linked to the breach',
'data_breach': {'personally_identifiable_information': 'Names, Email '
'Addresses',
'sensitivity_of_data': 'High (sensitive nature of products)',
'type_of_data_compromised': 'Personally Identifiable '
'Information (PII), Order '
'Details, Support Requests'},
'date_detected': '2026-06',
'date_publicly_disclosed': '2026-06',
'description': 'Japanese sex toy manufacturer Tenga disclosed a data security '
'breach in June 2026, resulting from unauthorized access to an '
'employee’s professional email account. The attacker exposed '
'customers’ names, email addresses, and correspondence history '
'including order details and support requests.',
'impact': {'brand_reputation_impact': 'Potential impact due to sensitive '
'nature of products',
'data_compromised': 'Customers’ names, email addresses, '
'correspondence history (order details, '
'support requests)',
'identity_theft_risk': 'Potential risk due to exposed personally '
'identifiable information',
'systems_affected': 'Employee email account'},
'initial_access_broker': {'entry_point': 'Employee email account'},
'post_incident_analysis': {'corrective_actions': 'MFA implementation, '
'credential reset',
'root_causes': 'Unauthorized access to employee '
'email account'},
'recommendations': 'Implement MFA, enhance email security, monitor for '
'suspicious activity',
'references': [{'source': 'Technology publication covering cybersecurity and '
'privacy'}],
'response': {'communication_strategy': 'Customer advisories to update '
'passwords and remain cautious of '
'suspicious emails',
'containment_measures': 'Reset compromised employee credentials, '
'implemented multi-factor authentication '
'(MFA)',
'remediation_measures': 'MFA implementation'},
'title': 'Tenga Data Breach After Employee Email Compromise',
'type': 'Data Breach'}