Casio confirms that customer data was compromised in a ransomware attack

Japanese electronics giant Casio has confirmed that a ransomware attack earlier this month resulted in the theft of customer data.

Casio first confirmed on October 7 that it had been hit by a cyberattack, but did not disclose at the time the nature of the incident, which caused an unspecified “system disruption” across the company. In an updated statement on Friday, the Tokyo-based electronics giant confirmed that it had fallen victim to ransomware.

Casio’s statement confirms that the attackers accessed personal data of Casio employees, contractors, business partners and people who conducted interviews for the company, as well as sensitive corporate data such as invoices, personnel files and some technical information of the company.

Hackers also accessed “information about some customers,” Casio said, but did not specify what types of data were accessed or how many people had been affected so far.

Casio ruled out any credit card information compromise and said its Casio ID and ClassPad services were not affected by the breach.

Casio has not confirmed who was behind the attack. A ransomware and extortion gang called Underground has claimed responsibility for the breach on its dark web leak site, seen by TechCrunch.

Underground is a relatively new ransomware and extortion group, with cyberattacks first observed in June 2023. Microsoft has previously linked the ransomware operation to the Russia-linked cybercriminal group called Storm-0978 (also known as “RomCom” because of its use of their malware of the same name). BlackBerry researchers previously told TechCrunch that RomCom also carries out cyberattacks and other digital intrusions for the Russian government.

Underground said in a post on its dark web leak site that it stole more than 200 gigabytes of data from Casio, including legal documents, payroll information and personal data of Casio employees. The group released samples of the stolen data, seen by TechCrunch, to claim the legitimacy of the breach and likely in an effort to further blackmail the company into paying a ransom.

It is unknown whether Casio received a ransom note from Underground. The company declined to answer TechCrunch’s questions.

In its updated statement, Casio said the “full extent of the damage caused by the ransomware” was still being investigated. Some Casio systems remain “unusable,” according to the company.