Casio has said nearly 8500 people were affected by a ransomware attack that compromised its servers on 5 October last year. The attack led to data leaks, including internal documents and personal information, but no credit card information was included in the leaked information.
Based on the investigation’s results, the company is in the process of identifying the affected business partners and customers. It said it would contact them individually once this was clear and take all necessary steps to protect their privacy.
The company has apologized for the incident, acknowledging the concerns it has caused to customers, employees, and business partners.
A Timeline of the Incident
The ransomware attack was first disclosed in a company statement on 11 October 2024, following an initial announcement on 8 October about unauthorized access to its network.
With assistance from an external security specialist, the electronics giant said it conducted a detailed forensic investigation, uncovering vulnerabilities in its defenses against phishing emails and gaps in the security of its global network, including overseas operations.
The Key Findings
The investigation confirmed that some internal documents containing personal information were stolen and leaked. However, customer databases and systems handling customer personal information were not affected.
Leaked Personal Information
Employee Data (6456 people)
- Human resources information such as name, employee number, email address, and affiliation for domestic employees (5,509 employees)
- For some employees, in addition to the above, gender, date of birth, and other information on ID cards (10 employees), name of their family, address, phone number etc. are included (97 employees)
- Name, e-mail address, and HQ system account information on local employees of domestic and overseas Group companies (881 employees)
- Name, taxpayer ID numbers, and human resources information (66 people) for ex-employees of some overseas group companies that were previously affiliated with the company.
Business Partner Information (1931 people)
- Information on Casio and its group companies’ (including overseas) business partners, such as name, e-mail address, telephone number, company name, and company address of the contact persons or representative of the business partners (1,922 people)
- For two of them, information on ID cards is included
- Name, email address, phone number, address, and biographical information of those who have interviewed for employment with Casio in the past (9 people)
Customer Data (91 people)
- Delivery address, name, telephone number, date of purchase, product name, etc. of customers who purchased products in Japan that need delivery and installation
Additional Leaks
- Data related to invoices, contracts, sales, etc., with some business partners
- Data related to meeting materials, internal review materials, etc.
- Data related to internal systems
Preventive Measures and Recovery
In the aftermath of the event, Casio said it has taken several steps, such as strengthening IT security, including global network defenses. It has also enhanced internal training and revised information management protocols.
The firm consulted with law enforcement and declined to meet the ransom demand.
Most services affected by the attack have now resumed, with safety verified.
Secondary Damage Prevention
Casio has warned of potential secondary damage, as some employees reported receiving spam emails linked to the attack. The company urges the public to avoid spreading unverified information to protect the privacy of those affected. Casio has pledged to cooperate with authorities to address any slander, fake information, or other harmful actions.
The company also reiterated its commitment to preventing similar incidents by continually improving its security systems and processes. It expressed its deepest apologies for the inconvenience and pledged to maintain customer trust by providing secure and reliable services.
For further inquiries, Casio has made dedicated support channels available.
Information Security Buzz News Editor
Kirsten Doyle has been in the technology journalism and editing space for nearly 24 years, during which time she has developed a great love for all aspects of technology, as well as words themselves. Her experience spans B2B tech, with a lot of focus on cybersecurity, cloud, enterprise, digital transformation, and data centre. Her specialties are in news, thought leadership, features, white papers, and PR writing, and she is an experienced editor for both print and online publications.
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.