A massive data breach at KDDI Corporation, one of Japan's largest telecommunications companies, has exposed up to 14.2 million email accounts across six Japanese internet service providers. The breach occurred when attackers exploited a vulnerability in third-party software, highlighting the risks associated with supply chain attacks. The impacted email accounts belong to customers of six ISPs, making it a significant incident in terms of scope and potential impact. KDDI Corporation, which generates annual revenue of roughly ¥5.9 trillion, has acknowledged the breach and is likely to face intense scrutiny over its cybersecurity practices1. The breach underscores the importance of robust vulnerability management and supply chain risk assessment for organizations, particularly those in critical infrastructure sectors. This incident matters to cybersecurity practitioners because it demonstrates the potential consequences of failing to address vulnerabilities in third-party software, which can have far-reaching and devastating effects on customers and the organization's reputation.