Casio confirms that customer data has been compromised in a ransomware attack

Japanese electronics giant Casio has confirmed that a ransomware attack earlier this month resulted in the theft of customer data.

Casio first confirmed on October 7 that it had been hit by a cyberattack, but did not disclose at the time the nature of the incident that caused an unspecified “system disruption” across the company. In an updated statement on Friday, the Tokyo-based electronics giant confirmed that it had fallen victim to ransomware.

Casio’s statement confirms that the attackers gained access to personal information of Casio employees, contractors, business partners and people who interviewed for the company, along with sensitive company data including invoices, employee files and certain company technical information.

Hackers also gained access to “information about some customers,” Casio said, but did not specify what types of data were accessed or how many individuals have been affected so far.

Casio ruled out a compromise of credit card information and said its Casio ID and ClassPad services were unaffected by the breach.

Casio has not yet confirmed who is behind the attack. A ransomware and extortion scam called Underground has claimed responsibility for the breach on its dark web leak site, which TechCrunch has spotted.

Underground is a relatively new ransomware and extortion group, which first launched cyber attacks in June 2023. Microsoft previously linked the ransomware operation to the Russia-affiliated cybercriminal group known as Storm-0978 (also known as “RomCom” for its use of the malware of the same name). ). BlackBerry researchers previously told TechCrunch that RomCom also carries out cyber attacks and other digital intrusions for the Russian government.

Underground said in a post on its dark web leak site that it stole more than 200 gigabytes of data from Casio, including legal documents, payroll information and personal information of Casio employees. The group has published samples of the stolen data, seen by TechCrunch, to claim the legitimacy of the breach, and likely in an attempt to further extort the company into paying a ransom.

It is unknown whether Casio received a ransom from Underground. The company declined to answer TechCrunch’s questions.

In its updated statement, Casio said the “full extent of the damage” caused by the ransomware was still under investigation. Some Casio systems remain “unusable,” according to the company.