Renowned Japanese electronics giant Casio has confirmed that the significant ransomware breach compromised customer data. This announcement follows an initial disclosure on October 7, which only identified a generic cyberattack that had caused "system disruption" across the company's operations.
In its recent statement, Casio revealed that the attackers gained unauthorized access to a wide range of sensitive data, including personal information from employees, contractors, business partners, and even prospective job applicants.Â
Additionally, hackers accessed internal company data such as invoices, HR files, and some technical documents. Notably, Casio acknowledged that some customer information was compromised, though specifics regarding the nature of this data and the number of affected individuals remain undisclosed.
Fortunately, the company has ruled out any compromise of credit card details, confirming that its Casio ID and ClassPad services were not impacted by the breach.
While Casio has not officially identified the perpetrators, the ransomware group known as "Underground" has claimed responsibility.Â
This group, first detected in June 2023, is believed to be linked to the Russia-affiliated cybercriminal entity Storm-0978, also referred to as "RomCom" due to its use of RomCom malware. Previous research by BlackBerry has suggested connections between RomCom and cyber operations conducted on behalf of the Russian government.
Underground has publicized elements of the stolen data, purportedly amounting to over 200 GB, including legal documents, payroll data, and personal details of employees. This tactic is often used to validate the breach and coerce victims into paying a ransom, though it remains unclear if Casio has received such a demand or intends to comply.
The October 5 breach resulted in unauthorized access to Casio's networks, causing notable service disruptions across its range of electronic products, from watches and calculators to musical instruments and cameras.