Japanese watchmaking giant Seiko has confirmed that the ransomware attack discovered a few months ago resulted in a data breach affecting customers, business partners, and employees.
Seiko revealed on August 10 that it had identified a possible data breach in late July. The company said at the time that hackers had gained access to at least one server and its investigation showed that some information may have been compromised.
Roughly ten days later, the ransomware group known as BlackCat and ALPHV took credit for the attack and started leaking files taken from Seiko after the company refused to respond to its extortion attempts.
The cybercrime group claimed to have stolen over 2Tb worth of files, including employee information, production technology details, video and audio recordings of management meetings, emails, and copies of passports belonging to employees and foreign visitors.
At the time, they threatened to leak or sell the data unless their demands were met, and in mid-September they made all the information public on their Tor-based leak website.
Seiko released another statement on the incident on Wednesday, confirming that a total of roughly 60,000 personal data records associated with Seiko Group Corporation (SGC), Seiko Watch Corporation (SWC), and Seiko Instruments Inc. (SII) were compromised.
According to Seiko, compromised data includes SWC customer information, including names, addresses, phone numbers, and email addresses. The company says payment card information was not stolen.
In addition, the attackers stole SGC, SWC, and SII business partner information such as name, job title, company affiliation, and company contact details.
The names and contact information of current and former employees, as well as job applicants, was also stolen by the ransomware group.
“As part of our ongoing response, we temporarily blocked external communication with the affected servers and have installed EDR (Endpoint Detection and Response) systems on all servers and PCs to detect unauthorized activity. We have also implemented measures such as multi-factor authentication to prevent further breaches,” Seiko said.
The cybersecurity measures implemented by Seiko in response to the incident are basic and they should be implemented by all organizations proactively, not in response to a significant data breach.