Japan’s SoftBank has acknowledged a serious system failure that briefly mixed up customer identities across its online account and messaging services, an incident that highlights how fragile trust can be when customer data sits at the center of the experience.
The company said a malfunction in a proxy server caused some customers logging into “My SoftBank” via mobile phone line authentication to see other users’ personal information. Similar issues appeared in messaging services, including SoftBank’s S!Mail (MMS), Y!Mobile MMS, and +Message, where sender names, phone numbers, or even entire accounts were incorrectly assigned.
SoftBank found the system error after a customer reported the glitch.
“As a result of the investigation, it was discovered on January 19 that a software defect in the proxy server introduced on September 25, 2025, had caused some customers to be temporarily treated as other customers, and that the frequency of occurrences had increased following a change in the network equipment settings implemented on January 13, 2026.”
SoftBank stressed that the incident was not the result of hacking. “The cause of this issue was a software malfunction in the proxy server, and not an external cyber attack,” the company stated.
A Backend Bug With Very Real Customer Impact
Under specific conditions—particularly when multiple processes were running at the same time—the system temporarily treated one customer as another.
Between January 13 and January 17, SoftBank recorded thousands of cases across several scenarios.
Customers reported seeing someone else’s name, address, date of birth, phone number, contract details, and billing amounts when checking their accounts. In other cases, messages were sent with the wrong sender information, delivered to unintended recipients, or tied to the wrong account altogether.
From a customer experience standpoint, this kind of error hits a nerve. A simple login or quick message send becomes unsettling when the private information onscreen clearly belongs to someone else.
For customers, it doesn’t matter whether a data exposure is caused by a cyber attack or a software bug.
The mobile phone line authentication that SoftBank uses is designed to make login easier for customers by removing passwords and streamlining access. But a failure turns appreciation for that convenience into discomfort. Identity verification is the foundation of modern digital customer interactions and once that foundation cracks, trust erodes fast.
The incident also shows how invisible infrastructure plays an outsized role in customer experience. Proxy servers, data validation, and concurrency handling may seem far from front-end systems, but when they go wrong, customers notice immediately.
Rebuilding Trust After Customer Data Exposure
SoftBank said it fixed the software fault and “confirmed that the system is currently operating normally.”
The company plans to contact affected customers directly and has set up a dedicated support desk to handle questions.
SoftBank reported the incident to regulators and has committed to stronger data consistency checks and improved monitoring to catch similar issues earlier, stating:
“We take this serious incident very seriously, and will re-examine the system in question to thoroughly prevent a recurrence, while also working to ensure that our customers can use our services with peace of mind.”
For customer service teams, a technical fix is only part of the story when personal information is leaked or stolen. How clearly and calmly customers are informed, and how consistently support teams handle concerns, shapes how quickly trust is regained.
As customer journeys become more digital and interconnected, identity management is becoming one of the most critical parts of the experience. Customers expect systems to know who they are, and, just as importantly, who they are not.
SoftBank’s incident is a reminder that data security and privacy are core experience moments, and when they fail, customers feel it instantly.
