Casio has confirmed that a recent ransomware attack led to a significant data breach, compromising personal and confidential information.
On October 5, unauthorized access to Casio’s network resulted in system disruptions and service failures, and the company has since disclosed that the incident was a ransomware attack. Hackers accessed a wide range of sensitive data, including personal information related to employees, business partners, and job applicants, as well as internal legal, financial, and technical documents.
Details of Compromised Data Emerge
In an updated statement released on Friday, Casio provided more details about the breach. The compromised information includes employee payroll records, contract details, and sensitive company files, such as invoices, sales documents, and audit reports.
The electronics giant also confirmed that some customer information was accessed, though the company has not clarified what specific customer data was involved or how many individuals were affected. However, Casio assured the public that credit card information and services such as Casio ID and ClassPad were not impacted by the breach.
Cybercriminals Behind the Attack Identified
A ransomware group known as Underground has taken responsibility for the attack. Underground, which first appeared in June 2023, claims to have stolen over 200 gigabytes of data from Casio’s systems. The group has already leaked portions of the stolen files online, releasing legal documents, patents, and employee personal and payroll information, as well as non-disclosure agreements (NDAs) and financial projects.
Underground’s leak site was discovered by TechCrunch, which confirmed that samples of the stolen data had been published in an attempt to pressure Casio into paying a ransom.
Casio has not confirmed whether a ransom demand was received, nor has it commented on whether any payments have been made. The company’s ongoing investigation aims to assess the full extent of the damage caused by the breach, with some of its systems still unusable due to the attack.
Casio urged the public not to circulate or share any leaked data, warning that doing so could further harm the individuals whose information was compromised and encourage additional criminal activity. The company pledged to work closely with law enforcement to respond to the breach and protect the privacy of those affected.
Microsoft has linked Underground to the Russia-affiliated cybercriminal group Storm-0978, also known as RomCom, which has been associated with various cyberattacks and digital espionage activities. According to BlackBerry researchers, RomCom not only conducts its own attacks but also engages in hacking operations for the Russian government. Casio did not confirm any connection to RomCom, but the ransomware group’s recent claims suggest that the data breach may have wider implications.
Casio Still Recovering from Attack
Casio’s investigation is still ongoing, and the company is working to restore its compromised systems while assessing the full scope of the data breach. For now, the company continues to deal with system outages and has declined to answer further questions about the incident.
