Japanese electronics maker Casio announced that the personal information of customers in 150 countries and regions was exposed in a recent data breach.
The incident, Casio says, was discovered on October 11, and involved unauthorized access to a database in the development environment for ClassPad.net, an education web application that Casio manages and operates.
“As a result, the personal information of some customers in and outside Japan, stored in the database, was accessed and leaked. Casio has confirmed that there is no evidence of any unauthorized intrusion into assets other than the database in the development environment,” Casio says in an incident notice.
The ClassPad.net application, the company says, was not accessed and remains operational.
According to the company, the data breach was the result of an operational error and insufficient operational management, leading to some network security settings in the development environment being disabled.
“Casio believes these were the causes of the situation that allowed an external party to gain unauthorized access,” the company says.
Casio reported the incident to the authorities, has blocked access to the databases in the impacted development environment for all individuals outside the environment, and is working with an external party to investigate the attack.
The compromised information, the company says, includes names, email addresses, country/region of residence, order information, and service usage information.
Casio did not specify the number of impacted individuals, but said that the attackers accessed 91,921 ‘items’ belonging to customers in Japan (individuals and 1,108 educational institutions), and 35,049 ‘items’ belonging to customers from 148 countries and regions.
“Casio will contact all customers whose personal information may have been accessed by email or other means,” the company said.