Yes — Kubota North America Corporation disclosed a data breach after unauthorized parties maintained access to parts of its network for more than a month in spring 2026. This incident is part of our California AG June 30, 2026 breach roundup.
The Grapevine, Texas–based U.S. arm of the Japanese equipment maker reported the incident to the California Attorney General on June 30, 2026, according to BleepingComputer and Claim Depot.
Exposed HR files may include Social Security numbers, direct-deposit bank details, and benefits data for employees and their dependents — a combination that raises identity theft, payroll fraud, and medical identity misuse risk.
We scanned kubotausa.com and kubota.com to assess email and domain security posture relevant to this incident and follow-on impersonation risk.
What Happened
According to BleepingComputer, AGDAILY, and Kubota’s breach notice:
- March 16 – April 20, 2026 — Unauthorized party accessed certain Kubota North America network systems.
- April 30, 2026 — Kubota discovered HR-maintained files had been accessed during the intrusion.
- June 16, 2026 — File review concluded personal information of employees and dependents may have been involved.
- June 30, 2026 — Personalized notification letters mailed; California and Massachusetts AG filings submitted.
At the time of reporting, no ransomware or extortion group had publicly claimed responsibility, and Kubota did not report operational disruptions from the incident.
Breach Impact at a Glance
| Field | Detail |
|---|---|
| Organization | Kubota North America Corporation |
| Sector | Agricultural / construction equipment |
| Intrusion window | March 16 – April 20, 2026 |
| Discovery | April 30, 2026 |
| CA AG reported | June 30, 2026 |
| Victims | Employees and dependents |
| Identity monitoring | Complimentary Kroll membership offered |
| Ransomware claim | None publicly attributed |
Data at Risk
Potentially exposed information varies by individual but may include:
- Full names (employees and dependents)
- Social Security numbers and dates of birth
- Taxpayer IDs and government ID numbers
- Direct-deposit bank account information
- Corporate payment card details
- Benefits enrollment and limited claims data
Because SSNs and banking data were involved, affected individuals face elevated identity theft, W-2 fraud, and benefits fraud risk — not just routine phishing.

State Notifications
| Filing | Status |
|---|---|
| California AG | Filed June 30, 2026 |
| Massachusetts OCABR | Filed June 30, 2026 |
| Kubota website notice | Posted June 2026 |
Kubota was one of four organizations added to the California AG list on June 30, 2026.
Independent Cybersecurity Audit
We ran an EmailMeNow Cybersecurity Audit on July 6, 2026:
| Domain | Overall | Identity | Transport | Website | Risk |
|---|---|---|---|---|---|
| kubotausa.com | 56% | 35% | 15% | 70% | Average |
| kubota.com | 52% | 45% | 15% | 45% | Average |
Key findings:
- 52–56% overall (Average) — both domains sit well below the 100% ideal recommended for manufacturers handling employee SSNs and payroll correspondence.
- 15% Transport Security — no effective MTA-STS enforcement or TLS-RPT on either mail path.
- 35–45% Identity & Spoofing on
kubotausa.com— partial DMARC posture; insufficient to reliably block spoofed HR or Kroll enrollment phishing during an active notification window. - 100% Email Infrastructure — both route through Microsoft 365 / Exchange, which does not offset weak transport and identity gaps on its own.

Weak public-domain email controls do not cause a network intrusion by themselves, but they amplify harm when attackers already hold employee contact data and notification letters are in the mail.
Audit links:
Priority Actions
If you received a Kubota notification letter:
- Enroll in Kroll identity monitoring using only the URL or phone number printed in your letter.
- Monitor bank accounts, credit reports, and explanation-of-benefits notices.
- Freeze credit if SSN exposure was confirmed in your personalized notice.
For manufacturers and agricultural equipment firms:
- Enforce phishing-resistant MFA on HR, payroll, and benefits admin accounts.
- Deploy DMARC
p=rejectwith aligned SPF on every employee-facing domain. - Add MTA-STS
mode=enforceand TLS-RPT; segment HR systems from general corporate networks. - Alert on bulk HR file exports and anomalous VPN sessions lasting weeks.
Related Trackers
- California AG June 30 roundup
- California AG breach tracker
- Government & education breaches
- Ransomware threat landscape
- All state AG trackers
Protect employee payroll, benefits, and partner correspondence.
Run a free Instant Cybersecurity Audit at audit.emailmenow.com or contact EmailMeNow IT Consulting for DMARC enforcement, MTA-STS deployment, and incident response planning.
Sources: BleepingComputer — Kubota month-long access · Claim Depot — Kubota breach · AGDAILY — Kubota employee notice · California AG — Data Breach List · EmailMeNow audit — kubotausa.com · EmailMeNow audit — kubota.com