Skip to content
Data breachContained

Kubota North America says hackers had month-long access to its network

Kubota North America said an unauthorised party had month-long access to its network in early 2026, reaching HR files with the personal data of employees and dependents.

Victim
Kubota North America

In early July 2026, Kubota North America โ€” the U.S. arm of the Japanese tractor and heavy-equipment maker Kubota Corporation, headquartered in Grapevine, Texas โ€” disclosed that an unauthorised party had month-long access to some of its network systems earlier in the year. Files held by the company's human resources team, containing the personal information of employees and their dependents, were accessed during the intrusion.

According to Kubota's notifications, an unauthorised party gained access to certain network systems between 16 March and 20 April 2026. On 30 April 2026 the company discovered that HR files had been accessed, and on 16 June 2026 it determined that one or more of those files may have contained personal information. Kubota reported the breach to state regulators, including the attorneys general of California and Massachusetts, on 30 June 2026.

What was exposed

The potentially exposed information includes full names, Social Security numbers, dates of birth, taxpayer identification numbers, driver's licence or other government-issued ID numbers, financial account information used for direct deposit, corporate payment card information, and benefits enrolment and limited claims data. The exposure affected both employees and their dependents. Regulatory filings indicate that at least 2,237 Texas residents were among those affected, though Kubota has not published a total figure across all states.

Response

Kubota is offering affected individuals a complimentary membership to identity monitoring services through Kroll, and has said it took steps to secure its environment after detecting the intrusion.

Why it matters

The incident is a familiar pattern of enterprise compromise: attackers dwelling undetected on a corporate network for weeks before reaching the payroll and benefits records that yield the most valuable identity data. For a global manufacturer, the breach of an HR system exposes the highly sensitive personal and financial details of its workforce โ€” the kind of data that fuels tax fraud and identity theft long after the intrusion itself has been contained.

Sources

  1. bleepingcomputer.comhttps://www.bleepingcomputer.com/news/security/kubota-says-hackers-had-month-long-access-to-network-systems/
  2. securityboulevard.comhttps://securityboulevard.com/2026/07/kubota-says-hackers-had-month-long-access-to-network-systems/
  3. kubotausa.comhttps://www.kubotausa.com/notice-of-security-incident
  4. claimdepot.comhttps://www.claimdepot.com/data-breach/kubota-2026

Related incidents