TL;DR: Hitachi T&D Solutions was claimed by INC Ransom on July 21, 2025, with exposed CEO, employee, and customer data including passwords, security questions, tax files, and payment documents, according to Gurucul. The incident shows how credential exposure and poorly governed third-party access can turn a data leak into broad operational and privacy risk.
NHIMG editorial — based on content published by Gurucul: Hitachi T&D Solutions, Inc. Data Leak
By the numbers:
- The company employs around 120 people and generates approximately $69.5 million in annual revenue.
- On July 21, 2025, INC Ransom claimed to have breached Hitachi T&D Solutions, Inc.
- On June 11, 2025, Hitachi Vantara confirmed a ransomware incident that disrupted some of its systems after an April 26 event.
Questions worth separating out
Q: What fails first when leaked credentials and identity documents are exposed together?
A: The first failure is usually trust.
Q: Why do leaked employee and customer records increase breach impact so much?
A: Because they can be combined.
Q: What do security teams get wrong about document leaks involving identities?
A: They often focus on the files themselves and miss the access paths those files enable.
Practitioner guidance
- Rotate exposed credentials immediately Invalidate any password, security question answer, or recovery path that appears in the leak, then review adjacent accounts that reused the same identity data.
- Reclassify identity-adjacent documents Move tax files, bank statements, employee exit forms, and payment records into controlled repositories with least-privilege access and logging.
- Audit third-party and customer portal access Check whether leaked portal addresses, usernames, or shared credentials still work, and confirm offboarding and revocation for every connected account.
What's in the full article
Gurucul's full blog covers the incident details and evidence this post intentionally leaves for the source:
- Screenshots and file examples showing the leaked portal credentials, security questions, and employee records.
- Reference links and incident context around the claimed INC Ransom attribution and related Hitachi coverage.
- Detailed descriptions of the exposed tax, payment, and bank documents that expand the breach impact.
- The source article's own screenshots and supporting references for investigators who need primary evidence.
👉 Read Gurucul's analysis of the Hitachi T&D Solutions data leak →
Hitachi T&D data leak: what this breach says about credential governance?
Explore further
Identity data leakage is a governance failure, not just a confidentiality event. The breach set included passwords, security questions, bank statements, tax records, and employee exit forms. That combination expands the attack surface from reading sensitive files to impersonating people, resetting access, and enabling fraud. The practitioner conclusion is clear: treat identity-adjacent documents as security artefacts with lifecycle controls, not loose business records.
A few things that frame the scale:
- 72% of organisations have experienced or suspect they have experienced a breach of non-human identities, with 46% confirmed and 26% suspected, according to The 2024 ESG Report: Managing Non-Human Identities.
- The average organisation believes more than 1 in 5 of their non-human identities are insufficiently secured.
A question worth separating out:
Q: Who is accountable when leaked portal credentials and internal records can be reused?
A: Accountability sits across IAM, the business owner of the records, and any third-party relationship that shared the access. Under common governance expectations, organisations must be able to show who approved access, who retained the records, and who revoked them when the relationship changed. If that cannot be shown, the control gap is organizational, not technical.
👉 Read our full editorial: Hitachi T&D data leak shows the cost of exposed credentials