Yellow Hat Subsidiary Suffers Major Data Breach, Exposing Over 3.4 Million Customer Records
Yellow Hat Ltd. (TSE: 9882), a Tokyo-listed automotive aftermarket company, has disclosed a cybersecurity incident at its subsidiary, 2rinkan Yellow Hat, involving unauthorized access to a member-only server. The breach may have exposed 3,455,754 customer records, including personal identifiers, contact details, app credentials, loyalty point balances, and vehicle information. While credit card data remains unaffected stored separately the compromised data spans multiple sensitive categories.
The company has initiated a staged notification process, contacting impacted 2rinkan members via phone, email, SMS, and postal mail, and has established a dedicated consultation desk for inquiries. Yellow Hat has reported the incident to Japan’s Personal Information Protection Commission and local law enforcement, confirming the breach is isolated to 2rinkan’s membership system. No impact has been reported on customers of the core Yellow Hat brand or other subsidiaries, though the company warned of potential future financial disclosures if material effects arise.
2rinkan Yellow Hat operates as a separate retail brand under the Yellow Hat group, which manages distinct membership and data systems across its subsidiaries to mitigate cross-brand risks. The incident underscores vulnerabilities in segmented infrastructure, even when designed to limit exposure. Yellow Hat’s stock (TSE: 9882) currently holds a market cap of ¥124.8 billion, with an average trading volume of 169,470 shares.
Yellow Hat Ltd. TPRM report: https://www.rankiteo.com/company/yellow-hat-limited
"id": "yel1777624108",
"linkid": "yellow-hat-limited",
"type": "Breach",
"date": "5/2026",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"{'affected_entities': [{'customers_affected': '3,455,754',
'industry': 'Automotive Aftermarket',
'location': 'Japan',
'name': '2rinkan Yellow Hat',
'type': 'Subsidiary'}],
'customer_advisories': 'Impacted 2rinkan members notified via phone, email, '
'SMS, and postal mail; dedicated consultation desk '
'established',
'data_breach': {'number_of_records_exposed': '3,455,754',
'personally_identifiable_information': 'Yes',
'sensitivity_of_data': 'High',
'type_of_data_compromised': ['Personal identifiers',
'Contact details',
'App credentials',
'Loyalty point balances',
'Vehicle information']},
'description': "Yellow Hat Ltd.'s subsidiary, 2rinkan Yellow Hat, suffered a "
'cybersecurity incident involving unauthorized access to a '
'member-only server. The breach exposed 3,455,754 customer '
'records, including personal identifiers, contact details, app '
'credentials, loyalty point balances, and vehicle information. '
'Credit card data was unaffected as it is stored separately.',
'impact': {'data_compromised': '3,455,754 customer records',
'identity_theft_risk': 'High',
'payment_information_risk': 'None (credit card data unaffected)',
'systems_affected': 'Member-only server'},
'investigation_status': 'Ongoing',
'references': [{'source': 'Yellow Hat Ltd. Disclosure'}],
'regulatory_compliance': {'regulatory_notifications': ['Reported to Japan’s '
'Personal Information '
'Protection '
'Commission']},
'response': {'communication_strategy': 'Staged notification process (phone, '
'email, SMS, postal mail); dedicated '
'consultation desk',
'law_enforcement_notified': 'Yes'},
'stakeholder_advisories': 'Potential future financial disclosures if material '
'effects arise',
'title': '2rinkan Yellow Hat Data Breach Exposing Over 3.4 Million Customer '
'Records',
'type': 'Data Breach'}