Japanese electronics manufacturer Casio recently disclosed a data breach that impacted customers from 149 countries. The breach was discovered on October 11, following the failure of a database within Casio’s ClassPad education platform’s development environment.
Evidence indicates that the attacker accessed customers’ personal information on October 12, exposing data such as customer names, email addresses, countries of residence, service usage details, and purchase information. However, credit card information was not stored within the compromised database. As of October 18, the attackers had accessed data belonging to over 91,000 Japanese customers and more than 35,000 records from customers in 148 countries and regions.
Casio attributed the breach to operational errors and insufficient operational management, which led to some network security settings being disabled within the development environment.
While the compromised database is currently inaccessible to external entities, the ClassPad.net app remains operational, and Casio clarified that the hackers did not infiltrate systems beyond the compromised database. The company reported the breach to Japan’s Personal Information Protection Commission and is collaborating with law enforcement authorities for the investigation. Casio is also working with external cybersecurity experts to identify the root causes of the incident and develop countermeasures.
In a previous incident in August 2023, a threat actor known as thrax claimed to have leaked over 1.2 million user records on a cybercrime forum. This data was allegedly stolen from a Remote Desktop Services (RDS) server containing older casio.com databases.
The information included records up to July 2011, AWS keys, and database credentials. Casio is actively addressing this breach, and its response includes cooperating with authorities and conducting an internal investigation to enhance its security measures.