Casio confirms that customer data was stolen in a ransomware attack

Casio now confirms that it suffered a ransomware attack earlier this month and warns that personal and confidential data of employees, applicants and some customers was also stolen.

The attack was announced on Monday as Casio warned that it would face system disruptions and service outages over the weekend due to unauthorized access to its networks.

Yesterday, ransomware group Underground claimed responsibility for the attack, leaking various documents that were allegedly stolen from the Japanese tech giant’s systems.

Today, after the data was leaked, Casio released a new statement admitting that sensitive data was stolen in the attack on its network.

Regarding the latest findings from the ongoing investigation, Casio says the following information has been confirmed as likely compromised:

• Personal data of both permanent and temporary/contract employees of Casio and its affiliates.
• Personal information related to Casio business partners and certain affiliates.
• Personal information of people who have applied for employment at Casio in the past.
• Personal data relating to customers using the services provided by Casio and its affiliates.
• Details of contracts with current and previous business partners.
• Financial data related to invoices and sales transactions.
• Documents containing legal, financial, workforce planning, auditing, sales and technical information of Casio and its affiliates.

As for customer data specifically, Casio says the disclosed set does not include credit card information because payment data is not stored on its systems.

The Japanese company also says that service systems such as CASIO ID and ClassPad.net are not affected by the incident as they are not hosted on the damaged server infrastructure.

As the investigation progresses, the extent of the impact is likely to increase and those who believe they may have been affected are advised to remain vigilant against unsolicited emails.

Casio also urges internet users to avoid sharing leaked information online as this will only make the situation worse for those affected by the data breach.

“Please refrain from disseminating this information via social media etc. as this could increase the harm caused by sharing information about this case, breach the privacy of those affected, have a serious impact on their lives and businesses and encourage crime.” says the updated Casio statement.

Police and the Japanese Personal Data Protection Commission have been aware of the situation since the beginning of this week, so authorities are involved in the investigation and remedial action.