Casio Data Breach – Attackers Compromise The Servers Via Ransomware Attack

October 11, 2024 – Casio Computer Co., Ltd. (Casio) has announced that its servers were compromised in a ransomware attack earlier this month, resulting in the leak of personal information and internal documents.

The company expressed deep regret for the incident and assured stakeholders that it is taking comprehensive measures to address the breach and prevent future occurrences.

Details of the Cyberattack

On October 5, 2024, Casio’s servers were illegally accessed from overseas, rendering several systems inoperable due to a sophisticated ransomware attack.

Despite prior efforts to enhance cybersecurity, deficiencies in phishing email defenses and global network security measures were exploited by attackers.

A forensic investigation conducted with external security specialists confirmed that internal documents containing personal information had been leaked.

However, Casio emphasized that no evidence of data theft was found in customer databases or systems handling customer information.

The leaked data includes personal details of employees, business partners, and a small number of customers.

Notably, no credit card information was compromised.

Casio has submitted a confirmation report to the Personal Information Protection Commission and has made necessary disclosures to international data protection authorities in compliance with applicable laws.

Extent of the Data Leak

The investigation revealed that personal information for 6,456 employees (including temporary staff), 1,931 business partners, and 91 customers was exposed.

Specific details include:

  • Employee Data: Names, email addresses, employee numbers, affiliations, and in some cases, sensitive details such as addresses and family information.
  • Business Partner Data: Contact details of representatives from Casio’s global business partners, including names, email addresses, and phone numbers.
  • Customer Data: Delivery addresses, purchase details, and contact information for a small group of customers who purchased products requiring installation services in Japan.

Additionally, internal documents related to invoices, contracts, sales data, meeting materials, and review documents were also leaked.

However, Casio confirmed that systems supporting its applications—such as CASIO ID and ClassPad.net—were unaffected as they operate on separate servers.

Response and Preventive Measures

Casio has resumed most of its services after ensuring their safety but continues to monitor for potential risks.

To prevent recurrence, the company is implementing robust measures under the guidance of cybersecurity experts:

  • Strengthening IT security across its global network.
  • Reviewing its information management system and enhancing internal training on cybersecurity protocols.
  • Cooperating with law enforcement to address any secondary damage caused by spam emails or misinformation related to the breach.

Casio has urged stakeholders to refrain from spreading leaked information on social media to protect affected individuals’ privacy and prevent further harm.

Casio has apologized for the inconvenience caused by this incident and reaffirmed its commitment to improving its cybersecurity framework.

The company aims to restore trust by providing secure services and safeguarding the interests of customers, employees, and business partners alike.

For further inquiries or concerns regarding this matter, Casio has provided dedicated contact channels for assistance.

Also Read:

Recent Articles

Related Stories

LEAVE A REPLY

Please enter your comment!
Please enter your name here