Casio confirms that customer data has been compromised in a ransomware attack

Japanese electronics giant Casio has confirmed that a ransomware attack earlier this month led to the theft of customer data.

Casio first confirmed on October 7 that it had been hit by a cyberattack, but at the time did not disclose the nature of the incident that caused an unspecified “system outage” at the company. In an updated statement on Friday, the Tokyo-based electronics giant confirmed that it had fallen victim to ransomware.

Casio’s statement confirms that the attackers accessed personal information belonging to Casio’s employees, contractors, business partners and interviewees, along with sensitive company data such as invoices, files of human resources and some technical information belonging to the company.

The hackers also accessed “information about some customers,” Casio said, but did not say what types of data were accessed or how many people are affected so far.

Casio ruled out a compromise of credit card information, saying its Casio ID and ClassPad services were not affected by the breach.

Casio has not confirmed who is behind the attack. A ransomware and extortion racket called Underground has claimed responsibility for the breach on its dark web leak site, which TechCrunch has seen.

Underground is a relatively new ransomware and extortion group, first observed as cyberattacks in June 2023. Microsoft previously linked the ransomware operation to the Russian-linked cybercriminal group known as Storm-0978 (also known as ” RomCom” to use its namesake malware). ). BlackBerry researchers previously told TechCrunch that RomCom also conducts cyberattacks and other digital intrusions for the Russian government.

Underground said in a post on its dark web leak site that it stole more than 200 gigabytes of Casio data, including legal documents, payroll information and personal information of Casio employees. The group has released samples of the stolen data, seen by TechCrunch, to claim the legitimacy of the breach, and likely in an effort to further extort the company into paying a ransom.

It is not known if Casio has received a ransom demand from Underground. The company declined to respond to TechCrunch’s questions.

In its updated statement, Casio said it is still investigating “the full extent of the damage” caused by the ransomware. Some Casio systems remain “unusable,” according to the company.