Physical Address
304 North Cardinal St.
Dorchester Center, MA 02124
Japanese electronics giant Casio has confirmed that the personal information of nearly 8,500 people was stolen in a ransomware attack in October.
It was Casio’s target ransomware attack On October 5, it saw hackers accessing sensitive data and rendering many of the company’s systems useless. The attack was claimed by the Underground ransomware group, which says it stole more than 200 gigabytes of data from Casio systems, according to a dark web post seen by TechCrunch.
In an update Casio confirmed on Tuesday that a hacking group that security experts have linked to the Russian-linked cybercriminal group known as RomCom (or Storm-0978) accessed the personal information of nearly 8,500 people during an October cyberattack.
“After the investigation has been completed as far as possible, Casio would like to inform you that some of its internal documents, including personal information, have been leaked,” Casio said in an update.
Casio said the breach affected the data of about 6,500 employees and included information such as names, employee numbers and email addresses. Some employees’ gender data, dates of birth, ID card data, family data and taxpayer identification numbers were also seized.
The hackers also accessed the names, email addresses, phone numbers and ID information of more than 1,900 Casio business partners, along with the personal information of 91 customers.
Casio said no credit card information was exposed during the breach because its system that handles customers’ personal information was not affected by the incident.
In an update on Tuesday, Casio confirmed that hackers had phishing methods to gain entry due to “some deficiencies in the company’s countermeasures against phishing emails.” The company also confirmed that it was not in talks with the hackers responsible for the attack, saying it “has not responded to any unreasonable demands from the ransomware group that carried out the intrusion.”
Casio said services affected by the ransomware incident were back online “except for some individual services”. It is not clear which services are disabled. The company did not immediately respond to questions from TechCrunch.
