Fabrica Holdings, the Tokyo Standard Market-listed company trading under code 4193, said its consolidated subsidiary Media 4u detected a cyberattack on its SMS transmission system on June 24, 2026. Attackers gained unauthorized access to the system's management console and made off with an account management file before the company publicly disclosed the incident on July 14.
The leaked file held 95,412 records in total. Of those, Fabrica says 22,928 may qualify as personal information because they contain contact names or identifiable email addresses. The company was careful to flag that these figures count account-management records, not confirmed individuals: the same person can appear more than once, and the true number of people affected may differ from either total. The leaked fields include account IDs, usernames, contact names, prefecture and postal code data, and notification email addresses.
| Metric | Figure |
|---|---|
| Breach detected | June 24, 2026 |
| Public disclosure | July 14, 2026 |
| Total records leaked | 95,412 |
| Records with possible personal data | 22,928 |
| Unauthorized SMS sent | 280 |
| Passwords, API keys, billing data | Not included in leaked file |
Fabrica also said passwords, password hashes, API keys, authentication tokens, and any payment or billing information were not part of the compromised file. That distinction matters for how customers should respond: there is no evidence credentials were exposed in plaintext or that financial account data left the system, though the company's own precaution was to force a reset anyway.
Separately, the intruders used the compromised system to send SMS messages without authorization. Fabrica has confirmed 280 such messages so far, though it says it is still investigating their content, which accounts were used to send them, and what happened to the people who received them. The company asked customers and partners to treat unexpected texts, emails, or phone calls referencing the incident with suspicion and to act only on official communications from Fabrica or Media 4u.
On remediation, Fabrica says it has cut off the intrusion path, preserved system logs, and brought in outside specialists to trace how the attacker got in. It has reset authentication credentials and forced password changes across all customer accounts as a precaution, and it plans to introduce multi-factor authentication along with stronger access monitoring, though it has not yet detailed the specific technical measures or a timeline. The company also says it is notifying relevant regulators and third-party bodies as required.
What is still open is the money question. Fabrica states plainly that the financial impact on group earnings is under review, with no figure attached, and says it will disclose further findings, including any changes to the scope of the leak or the unauthorized-messaging count, as the investigation progresses.
