Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Data Breaches

Thousands Impacted by Casio Data Breach

Casio has completed its investigation into the data breach caused by a recent ransomware attack and found that thousands of individuals are impacted.

Casio ransomware

Japanese electronics giant Casio has completed its investigation into the data breach caused by a recent ransomware attack and found that thousands of individuals are impacted.

The company revealed in early October 2024 that some systems had failed and some services had been disrupted as a result of unauthorized access to its network. 

A few days later it confirmed that it had been targeted in a ransomware attack that resulted in personal information and confidential corporate files getting stolen. 

Casio has now completed its forensic investigation and determined exactly what type of data has been compromised, as well as how the attackers gained access to its systems.

The company’s report indicates that the attackers gained access through vulnerabilities in overseas offices. It suggests that initial access was achieved with the aid of phishing emails. 

Casio has confirmed that corporate documents and other internal data was compromised, mainly taken from servers hit by the ransomware. 

Employees’ personal information and information on some business partners and customers was also taken by the cybercriminals. Nearly 6,500 employees from Japan and other countries are impacted. The exposed information includes name, email address, gender, date of birth, and taxpayer ID — different types of information was compromised for different employees.

Casio said roughly 1,900 business partners are impacted, including information such as name, representative, email address, phone number, company name and contact details, and — in a couple of cases — ID cards. 

Advertisement. Scroll to continue reading.

In terms of customers’ personal information, the name, phone number, address, date of purchase, and product name of 91 customers who acquired products in Japan and needed delivery and installation was impacted. 

However, Casio noted, “No evidence of data theft was found in the customer database or in the system that handles customers’ personal information.”

In addition, Casio found that invoices, contracts, sales documents, meeting and internal review materials, and data related to internal systems was also stolen by the cybercriminals. Payment card information was not included in the compromised files.

A ransomware group named Underground took credit for the attack and threatened to leak stolen files shortly after the data breach came to light. 

The cybercriminals claim to have stolen over 200 Gb of data from Casio and they appear to have made at least some of it available for download by anyone who can access their Tor leak website. 

Related: IT Giant Atos Responds to Ransomware Group’s Data Theft Claims

Related: Washington Attorney General Sues T-Mobile Over 2021 Data Breach

Written By

Eduard Kovacs (@EduardKovacs) is a managing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Discover strategies for vendor selection, integration to minimize redundancies, and maximizing ROI from your cybersecurity investments. Gain actionable insights to ensure your stack is ready for tomorrow’s challenges.

Register

Dive into critical topics such as incident response, threat intelligence, and attack surface management. Learn how to align cyber resilience plans with business objectives to reduce potential impacts and secure your organization in an ever-evolving threat landscape.

Register

People on the Move

Cloud security giant Wiz has named Fazal Merchant as President and Chief Financial Officer.

Cybersecurity and data protection company Acronis has appointed Gerald Beuchelt as CISO.

Adam Zoller has joined CrowdStrike as Chief Information Security Officer.

More People On The Move

Expert Insights

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest cybersecurity news, threats, and expert insights. Unsubscribe at any time.