Japanese watchmaker Seiko has revealed that it fell victim to a Black Cat ransomware attack earlier this year, leading to a significant data breach that exposed sensitive information from customers, partners, and personnel.
Following an investigation, Seiko confirmed that around 60,000 “items of personal data” from its ‘Group’ (SGC), ‘Watch’ (SWC), and ‘Instruments’ (SII) departments had been compromised in the attack. On August 10, 2023, the company reported unauthorized access to one of its servers on July 28, 2023. The BlackCat/ALPHV ransomware gang added Seiko to its extortion site on August 21, claiming to have stolen production plans, employee passport scans, technical schematics of watches, and more.
The information leaked in this breach included customer details such as names, addresses, telephone numbers, and email addresses from Seiko Watch Corporation (SWC), contact information for business transactions with SGC, SWC, and SII, and data provided by job applicants and personnel, including names, addresses, phone numbers, email addresses, and educational background.
However, the breach did not expose credit card information. Seiko has responded by collaborating with cybersecurity experts to strengthen its IT systems, assess the breach’s root causes, and implement targeted security enhancements to prevent similar incidents in the future. They have also committed to individually notifying affected customers, personnel, and business partners of the breach.