Casio says ransomware attack exposed info of employees, customers and business partners

Avatar

Japanese electronics manufacturer Casio confirmed on Friday that a cyber incident announced earlier this week was a ransomware attack that potentially exposed the information of employees, customers, business partners and affiliates.

In an updated statement, the company said the October 5 attack involved servers that “had been damaged by a third-party ransomware attack.”

Several systems were rendered unusable due to the ransomware attack, and an investigation revealed that the hackers had gained access to data held on the impacted servers. The company shut down the servers and hired outside security firms to help with the response. 

Casio created a task force to work on restoring the internal systems that were affected, and the company notified police in Japan of the incident on October 6. Officials also contacted Japan’s Personal Information Protection Commission on October 7.  

As of Friday, Casio said it believes the personal information of temporary and contract employees was leaked. The personal information of employees at affiliated companies was also exposed alongside data from business partners, people who have interviewed for jobs at the company in the past and some customers “who use services provided by the Company and some of affiliated companies.”

Casio did not outline what specific data was taken from each group but said customer credit card information was not included. 

The statement adds that information related to contracts, invoices and sales related to current and former business partners as well as Casio affiliates was also leaked during the attack. 

Internal legal documents and data on human resource planning, audits, sales, technical information and more may have been accessed by the hackers. 

“Please be aware that there is a possibility that your personal information may be misused to send you unsolicited e-mails such as phishing e-mails or spam e-mails. If you receive any suspicious e-mails, please do not open it and delete it,” Casio said. 

The company also asked that stolen information not be spread through social media because it “could increase the damage caused by the leak of information on this case, violate the privacy of those affected, have serious effects on their lives and businesses, and encourage crime.”

The attack was claimed by the “Underground” ransomware gang on Thursday. The hackers said they stole 204.9 GB of data from the company and offered samples of what was taken to prove its legitimacy. 

Researchers said the group first emerged in July 2023 and several experts explained that it seems to have links to the Russia-based RomCom cybercrime group. 

Fortinet noted that the group has listed 16 victims, with most based in the U.S. and Europe. Microsoft published a report last year outlining the operations of RomCom, which they said is “known to conduct opportunistic ransomware and extortion-only operations, as well as targeted credential-gathering campaigns likely in support of intelligence operations.” 

“[The group] operates, develops, and distributes the RomCom backdoor. The actor also deploys the Underground ransomware, which is closely related to the Industrial Spy ransomware first observed in the wild in May 2022,” the company said. 

“Identified ransomware attacks have impacted the telecommunications and finance industries, among others.”

Microsoft added that they found “significant code overlaps” with the Industrial Spy ransomware which they believe means Underground is a rebrand of the same operation.

CybercrimeNewsTechnology
Get more insights with the

Recorded Future

Intelligence Cloud.

Learn more.

No previous article

No new articles

Jonathan Greig

is a Breaking News Reporter at Recorded Future News. Jonathan has worked across the globe as a journalist since 2014. Before moving back to New York City, he worked for news outlets in South Africa, Jordan and Cambodia. He previously covered cybersecurity at ZDNet and TechRepublic.

 

Total
0
Shares
Previous Post

GitHub, Telegram Bots, and ASCII QR Codes Abused in New Wave of Phishing Attacks

Next Post

Ukraine police arrest hacker for operating illegal VPN service to access sanctioned Russian sites

Related Posts

Protecting Tomorrow’s World: Shaping the Cyber-Physical Future

The lines between digital and physical realms increasingly blur. While this opens countless opportunities for businesses, it also brings numerous challenges. In our recent webinar, Shaping the Cyber-Physical Future: Trends, Challenges, and Opportunities for 2025, we explored the different factors shaping the cyber-physical future. In an insightful conversation with industry experts, we discussed
Avatar
Read More