Casio has confirmed it fell victim to a ransomware attack earlier this month, resulting in the theft of sensitive personal and confidential data belonging to employees, job applicants, and some customers.
The attack was first disclosed on Monday when Casio warned of system disruptions and service outages due to unauthorized network access over the weekend. Yesterday, the Underground ransomware group took responsibility for the breach, leaking documents allegedly stolen from the company’s systems.
In a new statement released today, Casio admitted that sensitive data was indeed compromised in the attack. So far, their investigation has revealed the likely exposure of:
- Personal data of both permanent and temporary employees of Casio and its affiliated companies.
- Information related to business partners and certain affiliates.
- Personal details of individuals who interviewed with Casio in the past.
- Customer data from services provided by Casio and its affiliated companies.
- Contract details with current and former business partners.
- Financial data tied to invoices and sales transactions.
- Legal, financial, human resources, and technical documents from Casio and its affiliates.
However, Casio reassured that no credit card information was compromised, as the company does not store such data. Additionally, services like CASIO ID and ClassPad.net were unaffected, as they are hosted separately from the breached systems.
As the investigation unfolds, the full extent of the breach may expand. Casio has urged anyone potentially impacted to remain cautious of phishing or unsolicited emails. The company also requested the public to avoid sharing leaked data, as it could cause further harm to those affected.
Authorities, including the police and Japan’s Personal Information Protection Commission, have been informed and are actively involved in the investigation and mitigation efforts.
