Casio Confirms Data Breach After Underground Ransomware Leak

A few days ago, we reported that the Japanese company Casio, known for producing wristwatches, programmable calculators, and electronic musical instruments, fell victim to a cyberattack in early October.

Yesterday, the ransomware group Underground claimed responsibility for the incident and released a portion of the documents purportedly stolen from Casio’s servers.

Today, the company issued a new statement, confirming that sensitive information had indeed been compromised as a result of the attack. According to the investigation, the stolen database, exceeding 200 GB, contained:

• Personal data of permanent and temporary employees of Casio and its subsidiaries;
• Information pertaining to the company’s business partners;
• Data on candidates who had interviewed for positions at Casio;
• Personal information of customers using the company’s services;
• Documents related to contracts, financial transactions, as well as legal, financial, and audit documentation.

Casio emphasizes, however, that customer credit card information was not compromised, as it is not stored within their systems. Additionally, the CASIO ID and ClassPad.net services were unaffected, as they operate on separate infrastructure.

The company warns that the scope of the breach may expand as the investigation progresses and advises potentially affected individuals to remain vigilant regarding suspicious emails.

Casio also urges internet users not to disseminate leaked information on social media, in order to avoid exacerbating the damage and violating the privacy of those affected.

It has been reported that local law enforcement and Japan’s Personal Information Protection Commission are already involved in the investigation of the incident.