Casio now confirms it suffered a ransomware attack earlier this month, warning that the personal and confidential data of employees, job candidates, and some customers was also stolen.
The attack was disclosed Monday when Casio warned that it was facing system disruption and service outages due to unauthorized access to its networks during the weekend.
Yesterday, the Underground ransomware group claimed responsibility for the attack, leaking various documents allegedly stolen from the Japanese tech giant’s systems.
Today, after the data was leaked, Casio published a new statement that admits that sensitive data was stolen during the attack on its network.
As to the current results of its ongoing investigation, Casio says the following information has been confirmed as likely compromised:
- Personal data of both permanent and temporary/contract employees of Casio and its affiliated companies.
- Personal details related to business partners of Casio and certain affiliates.
- Personal information of individuals who have interviewed for employment with Casio in the past.’
- Personal information related to customers using services provided by Casio and its affiliated companies.
- Details related to contracts with current and past business partners.
- Financial data regarding invoices and sales transactions.
- Documents that include legal, financial, human resources planning, audit, sales, and technical information from within Casio and its affiliates.
Regarding customer data specifically, Casio specifies that the exposed set does not include credit card information, as payment data isn’t stored on its systems.
Also, the Japanese firm says service systems like CASIO ID and ClassPad.net were not affected by the incident, as they are not hosted on the breached server infrastructure.
As the investigation continues, the scope of the impact will likely broaden, and those who believe they might be affected are advised to remain vigilant against unsolicited emails.
Casio also requests internet users to avoid sharing any leaked information online, as that only worsens the situation for those affected by the data breach.
“Please refrain from spreading this information through social media, etc., as it could increase the damage caused by the leak of information on this case, violate the privacy of those affected, have serious effects on their lives and businesses, and encourage crime,” says the updated Casio statement.
The police and Japan’s Personal Information Protection Commission have been informed about the situation since earlier this week, so the authorities are involved in the investigations and remediation efforts.