What Happened in the Yorozu Automotive Data Breach?
Yorozu Automotive Tennessee Inc. has confirmed a data breach that exposed sensitive personal and health information belonging to thousands of people. The company is a U.S. manufacturing subsidiary of Japan-based Yorozu Corporation. As a result, this incident affects individuals connected to its Tennessee operations and beyond.
According to the company’s own disclosure, unauthorized access to its network occurred on or about Oct. 9, 2024. This means the intrusion sat undetected or under investigation for a significant stretch of time before notifications went out. Because breaches involving this much sensitive data often require extensive forensic review, the gap between the incident date and notification is not unusual.
Yorozu Automotive began formally notifying affected individuals on June 2, 2026. The notification followed an investigation into the scope of the compromised systems and the specific data involved. In addition, state regulators in Indiana, Massachusetts, and Vermont received breach notifications, confirming the incident’s reach across multiple states.
While the company has not publicly detailed the exact method of intrusion, the breadth of exposed data suggests attackers gained deep access to internal systems. As a result, the investigation likely involved reviewing employment records, financial systems, and health-related files stored across the organization.
Who was affected?
The Yorozu Automotive data breach affects 20,627 individuals across the United States. State-level breach notifications confirm at least 22 Indiana residents, eight Massachusetts residents, and one Vermont resident were among those impacted. This geographic spread suggests the affected population includes current and former employees, and possibly other individuals whose data the company maintained.
Given that the exposed information includes W-2 tax forms and pay stubs, it appears likely that employees or contractors make up a large share of those affected. However, the company has not publicly disclosed a detailed breakdown of the affected population. For example, it remains unclear whether customers, vendors, or dependents of employees are also included in the total count.
Because the breach touched both PII and protected health information, the population impacted could include individuals whose medical records were tied to employer-sponsored health benefits. This adds another layer of concern for those affected, since health data often carries long-term privacy implications beyond typical identity theft risks.
What Information Was Potentially Exposed?
The scope of exposed information in this breach is unusually broad. It spans core identity documents, financial account details, employment records, and medical information. This combination makes the incident especially serious for those affected.
- Full names
- Home addresses
- Dates of birth
- Social Security numbers
- Social Security cards
- Driver’s license numbers
- Government-issued identification cards and numbers
- Credit and debit card numbers
- Financial account information and access codes
- Employment records, including W-2 tax forms and pay stubs
- Health records and medical records
Because Social Security numbers and government ID numbers were exposed together, affected individuals face a heightened risk of identity theft. Criminals often combine these data points to open new credit accounts, file fraudulent tax returns, or apply for loans in someone else’s name. This risk can persist for years after a breach, which is why long-term vigilance matters.
In addition, the exposure of financial account information and access codes raises the possibility of direct account takeover. Meanwhile, the presence of health records means some individuals could also face medical identity theft, where a criminal uses stolen information to obtain medical services or prescriptions. This type of fraud can be harder to detect and may affect insurance coverage or medical records accuracy.
What is the company doing?
Yorozu Automotive responded to the breach by launching an investigation into the unauthorized access and the data involved. Following that review, the company began notifying affected individuals and relevant state attorneys general, as required under applicable breach notification laws.
As part of its response, the company is offering 24 months of free identity theft protection services through IDX. These services include credit monitoring, CyberScan monitoring, a $1,000,000 insurance reimbursement policy, and fully managed identity theft recovery assistance. Affected individuals can enroll using a unique code included in their notification letter, and the enrollment deadline is Sept. 2, 2026.
The company also set up a dedicated assistance line staffed Monday through Friday from 9 a.m. to 9 p.m. Eastern Time. Callers can reference the Yorozu incident when they contact the line with questions about the breach or the protective services offered. This ongoing support reflects the company’s continued effort to help affected individuals navigate the aftermath.
What Should Affected Individuals Do?
Enroll in the Free Identity Protection Services
Anyone who received a notification letter from Yorozu Automotive should enroll in the offered IDX identity protection services as soon as possible. This includes credit monitoring, CyberScan monitoring, and identity theft recovery support at no cost.
Because the enrollment deadline is Sept. 2, 2026, affected individuals should act promptly rather than setting the letter aside. Enrollment only requires the unique code provided in the notification, making it a quick step toward added protection.
Monitor Your Credit Reports Closely
Given that Social Security numbers and financial account details were exposed, affected individuals should check their credit reports regularly for unfamiliar accounts or inquiries. You can request free credit reports from each of the three major credit bureaus and review them for accuracy.
If you notice any suspicious activity, report it immediately to the credit bureau and consider disputing unauthorized entries. Regular monitoring, even beyond the free service period, can help catch fraud early before it causes lasting financial damage.
Consider a Fraud Alert or Credit Freeze
Because full Social Security numbers, Social Security cards, and driver’s license numbers were compromised, placing a fraud alert or credit freeze is a strong protective step. A fraud alert requires creditors to verify your identity before opening new accounts, while a credit freeze restricts access to your credit file entirely.
Either option can be requested directly through the credit bureaus and is generally free for identity theft victims. As a result, taking this step can significantly reduce the chances of someone opening fraudulent accounts using your stolen information.
Watch for Signs of Medical Identity Theft
Since health records and medical records were part of the exposed data, affected individuals should review any medical bills, insurance statements, or explanation-of-benefits notices carefully. Unfamiliar charges or services you don’t recognize could indicate medical identity theft.
If you spot anything unusual, contact your health insurance provider and healthcare providers right away to dispute the charges. Keeping copies of your medical records can also help you catch discrepancies caused by fraudulent use of your information.
Stay Alert for Phishing Attempts
Following a breach of this scale, affected individuals often become targets of phishing emails, texts, or phone calls designed to look like official communications. Scammers may reference the breach itself to appear more convincing.
Therefore, avoid clicking links or sharing personal information in response to unsolicited messages. Instead, verify any communication by contacting the company directly through a known, official phone number or website before responding.
More Information
Yorozu Automotive Tennessee Inc.
