A threat actor has claimed responsibility for an alleged breach involving Ramen Kuroda, a Japanese restaurant chain operating across the Philippines, with more than 7 million customer records purportedly exposed online.
In a forum post published on May 23, the actor claimed to possess approximately 7.1 million records allegedly tied to Ramen Kuroda’s customer loyalty and transaction systems. The listing advertised 3 CSV files totaling roughly 1 GB in size.
The alleged dataset reportedly includes customer names, email addresses, phone numbers, birthdates, gender information, loyalty point balances, wallet balances, transaction histories, branch locations, and order-related metadata.
The post also included sample records allegedly showing customer loyalty transactions tied to various Ramen Kuroda restaurant branches across the Philippines.
Samples appear to contain older 2023 and 2024 records
According to the samples shared in the forum post, much of the exposed transaction data appears dated between 2023 and April 2024 despite the actor claiming the intrusion occurred in May 2026.
The alleged files referenced timestamps such as Apr 30, 2024 and Apr 21, 2024, while several customer export filenames also appeared tied to older spreadsheet exports generated during 2023 and 2024.
The discrepancy raises questions about the timing and credibility of the alleged breach claim. While the data could potentially originate from older backups or previously compromised systems, the evidence shared publicly does not currently confirm a recent 2026 intrusion.
BreachNews has not independently verified the authenticity of the alleged data or confirmed whether Ramen Kuroda systems were compromised.
Threat actor continues rapid posting activity
The same forum account has recently published a high volume of alleged breach claims targeting organizations across the United States, Canada, Mexico, India, Vietnam, and the Philippines spanning industries including real estate, hospitality, education, and technology.
Recent claims tied to the actor include alleged breaches involving Hillpointe, Happipad, Reltio, ReferralRock, WisERP, and more.
The rapid pace of postings and inconsistent timelines across some listings make independent verification especially important before attributing the claims to confirmed intrusions.
At time of publication, Ramen Kuroda had not issued any public statement regarding the alleged breach claims.
