Casio, a leading electronics manufacturer, confirmed a ransomware attack in October 2024 that resulted in the exposure of sensitive personal data belonging to employees, business partners, and customers. The attack, claimed by the Underground ransomware group, led to the publication of 204.9 GB of data, including internal business documents, HR data, and personal details. Despite the breach, Casio refused to comply with the ransomware group’s demands. The leaked information included personal details of 6,456 employees, including names, email addresses, and family details for domestic workers, as well as data related to 1,931 business partners.
The leaked data also included contact information for customers who had purchased products in Japan, including delivery addresses, phone numbers, and purchase details. Notably, no financial information, credit card data, or customer-related database records were exposed in the breach. The company has assured that affected individuals will be notified once they are identified, but it confirmed that the breach did not affect any financial or credit card systems. Additionally, some employees received spam emails possibly linked to the breach.
Casio admitted that weaknesses in its security systems contributed to the breach. The company identified deficiencies in its phishing defense mechanisms and in its global network security infrastructure, which allowed the attackers to gain unauthorized access. In response, Casio has engaged with a cybersecurity firm to bolster its security across the organization. The company has also reported the incident to Japan’s Personal Information Protection Commission and relevant international authorities.
After shutting down affected servers and verifying the safety of its systems, Casio resumed its services, with only a few individual services still being addressed. The company issued an apology for the breach, expressing regret for the inconvenience caused to affected individuals. Casio is committed to improving its security measures and has vowed to continue working with authorities to mitigate further risks.
Reference:
