In the 1970s and 1980s, Casio was best known for its electronic (including scientific) calculators, electronic musical instruments, and affordable digital watches incorporating innovative technology. All the cool kids had a Casio calculator (unfortunately, I was taught on a slide rule). Well, Casio is still around. Japanese electronics manufacturer Casio says that the October 2024 ransomware incident exposed the personal data of approximately 8,500 people. The affected individuals are primarily Casio employees and business partners, but there was a small set of customer personal information in the exposed data. The cyberattack occurred on 05 October 2024, when ransomware actors employing phishing tactics compromised the company's network and caused an IT systems outage.
On 10 October 2024, the Underground ransomware gang claimed the attack, which threatened to disclose confidential documents, financial files, project information, and employee data unless a ransom was paid. Soon after, Casio confirmed that Underground had stolen the personal data of employees, partners, and customers. However, the company did not provide the number of affected people.
See: https://redskyalliance.org/xindustry/underground-ransomware-romcom
With the investigation now completed, Casio can give the full details of the scope of the data breach.
The latest announcement from the company lists the following exposed data:
• Employees (6,456 individuals): Name, employee number, email address, affiliation, gender, date of birth, family details, address, phone number, taxpayer ID numbers, and
HQ system account information.
• Business partners (1,931 individuals): Name, email address, phone number, company name, company address, and ID card information for some.
• Customers (91 individuals): Delivery address, name, phone number, date of purchase, and product name for items requiring delivery and installation.
• Other leaked data: Internal documents, including invoices, contracts, and meeting materials.
As impacted individuals are identified, they will receive personalized notices about the incident from Casio. Although some employees received unsolicited emails believed to be linked to the ransomware incident and sensitive data exposure, the company says there has been no secondary damage to them, their partners, or customers yet.
Casio specified that no customer data or credit card information had been exposed to Underground ransomware, as their databases holding customer information were not impacted by this incident.
The Japanese firm also clarified that they did not negotiate with the cybercriminals. "Following consultation with law enforcement agencies, outside counsel, and security experts, Casio has not responded to any unreasonable demands from the ransomware group that carried out the unauthorized access," explains Casio.
As for the impacted services, Casio says that most of them have returned to normal operational status, though some services have not recovered yet. Casio's CASIO ID and ClassPad.net platforms are flagged as not impacted by the ransomware attack; those services also suffered a separate breach in October 2024.
This article is shared at no charge and is for educational and informational purposes only.
Red Sky Alliance is a Cyber Threat Analysis and Intelligence Service organization. We provide indicators of compromise information via a notification service (RedXray) or an analysis service (CTAC). For questions, comments, or assistance, please get in touch with the office directly at 1-844-492-7225 or feedback@redskyalliance.com
• Reporting: https://www.redskyalliance.org/
• Website: https://www.redskyalliance.com/
• LinkedIn: https://www.linkedin.com/company/64265941
Weekly Cyber Intelligence Briefings:
REDSHORTS - Weekly Cyber Intelligence Briefings
https://register.gotowebinar.com/register/5378972949933166424
Comments