Casio Computer Co., Ltd., the Japanese electronics manufacturer, confirmed on Saturday that a third-party ransomware attack earlier this month damaged its network, leaking personal and confidential internal information held by the company and its affiliated companies.
This acknowledgment from Casio comes after the Underground ransomware group claimed responsibility for the attack yesterday (October 10, 2024) after leaking data allegedly stolen from Casio on its dark web portal.
In a notice published by the company today, Casio said that on October 5, 2024, some of its servers experienced a system failure. On further investigation, it was determined that the servers showed signs of unauthorized access, resulting in the inability to provide some services.
In response to the attack, the company hired an outside security specialist to conduct a forensic investigation.
On the same day, Casio shut down the servers that had suffered unauthorized access from the Internet and its internal network, as it suspected a cyberattack using ransomware.
Further, the company set up a task force to restore the affected internal systems and resume operations.
It also notified the police on October 6 and the Personal Information Protection Commission on October 7 and reported the matter by October 9.
While the complete extent of the damage is still being assessed, Casio admits that the leaked data may have personal information, etc., which include:
- Personal information of employees (including temporary and contract employees)
- Part of personal information of a part of the employees of affiliated companies
- Personal information of business partners of the Company and some of itsย affiliated companies
- Personal information of certain individuals who have interviewed for employment with the company in the past.
- Information about some customers who use services provided by the Company and some of affiliated companies (Credit card information is not included.)
- Information related to contracts, invoices, sales, etc. with current and past business partners of the Company and certain of its affiliated companies.
- Internal documents containing legal, financial, human resources planning, audit, sales and technical information of the Company and its affiliated companies.
Regarding customer data, Casio said that no credit card or other payment data was accessed, as the information wasnโt stored in the database.
The Japanese firm adds that service systems like CASIO ID and ClassPad.net were not affected by the incident, as they run on a different server from the one affected by the unauthorized access.
โPlease be aware that there is a possibility that your personal information may be misused to send you unsolicited e-mails such as phishing e-mails or spam e-mails. If you receive any suspicious e-mails, please do not open it and delete it,โ says the notice.
The company also requests to avoid sharing any leaked information online, as it may worsen the situation for those impacted by the data breach.
โPlease refrain from spreading this information through social media, etc., as it could increase the damage caused by the leak of information on this case, violate the privacy of those affected, have serious effects on their lives and businesses, and encourage crime,โ Casio added.