Photo source: Flickr
Japanese electronics manufacturer Casio has officially acknowledged that a ransomware attack earlier this month led to the unauthorised access and theft of customer data.
On October 7, Casio initially reported experiencing a cyber incident but did not specify the details, only mentioning “system disruption” within the organisation. However, in a follow-up statement released on Friday, the Tokyo-based company confirmed that it was indeed a victim of ransomware.
The statement revealed that the attackers gained access to personal information belonging to Casio employees, contractors, business partners, and job applicants. Additionally, sensitive company data was compromised, including invoices, human resources documentation, and various technical files.
Casio noted that while hackers accessed “information about some customers,” it did not disclose the specific types of data involved or the number of individuals affected.
Importantly, Casio clarified that there was no breach of credit card information. The company also emphasised that its Casio ID and ClassPad services remained unaffected by the incident.
The identity of the attackers has not been confirmed by Casio. However, a ransomware group known as Underground has claimed responsibility for the breach on its dark web leak site.
Underground is a relatively new player in the ransomware landscape, having first emerged in June 2023. Microsoft has previously associated this group with a Russian cybercriminal organisation known as Storm-0978—also referred to as “RomCom” due to its use of specific malware. Researchers have indicated that RomCom conducts cyberattacks and other digital intrusions on behalf of the Russian government.
In a post on its dark web portal, Underground claimed to have stolen over 200 gigabytes of data from Casio. This includes legal documents, payroll records, and personal information of employees. The group has also released samples of the stolen data to assert their claims and likely to pressure Casio into paying a ransom.
In its updated statement, Casio indicated that investigations are ongoing to determine the “full extent of the damage” caused by the ransomware attack. Some systems at Casio are still reported as “unusable.”
Casio has urged individuals who may be affected to remain vigilant against unsolicited emails and phishing attempts. The company also cautioned against sharing any leaked information online, stating that doing so could worsen the situation for those impacted by the breach.
“Please refrain from spreading this information through social media, etc., as it could increase the damage caused by the leak of information on this case,” Casio warned in its statement.
Authorities such as Japan’s Personal Information Protection Commission and local police have been notified about the incident, and investigations are currently underway as efforts continue to remediate the breach and mitigate further damage.