Japanese electronics maker Casio says the October 2024 ransomware incident uncovered the non-public information of roughly 8,500 individuals.
The affected people are primarily Casio workers and enterprise companions, however there was a small set of non-public buyer info within the uncovered information.
Clandestine ransomware assault
The cyberattack occurred on October 5, when ransomware actors using phishing ways compromised the corporate’s community and brought about a Disruption of IT techniques.
On October 10, the assault was claimed by Underground ransomware gang, which threatened to disclose confidential paperwork, monetary recordsdata, venture info and worker information except a ransom was paid.
Shortly after, Cassius confirmed that Underground had stolen the non-public information of workers, companions and shoppers. Nevertheless, the corporate didn’t present the variety of individuals affected.
As soon as the investigation is full, Casio is able to present full particulars of the scope of the info breach.
The corporate’s newest announcement lists the next uncovered information:
- Staff (6,456 individuals): Title, worker quantity, electronic mail tackle, affiliation, gender, date of start, household particulars, tackle, phone quantity, taxpayer identification numbers and HQ system account info.
- Enterprise companions (1,931 individuals): Title, electronic mail tackle, telephone quantity, firm title, firm tackle and ID card info for some.
- Purchasers (91 individuals): Supply tackle, title, telephone quantity, buy date and product title for objects requiring supply and set up.
- Different leaked information: Inner paperwork, together with invoices, contracts and assembly supplies.
As affected people are recognized, they’ll obtain personalised notices in regards to the Casio incident.
Though some workers obtained unsolicited emails believed to be associated to the ransomware incident and the publicity of delicate information, the corporate says there was no secondary harm to them, their companions or prospects to this point.
Casio specified that no buyer information or bank card info had been uncovered to the Underground ransomware, as its databases containing buyer info weren’t affected by this incident.
The Japanese agency additionally made it clear that they didn’t negotiate with cybercriminals.
“After consulting with legislation enforcement, exterior attorneys, and safety specialists, Casio has not responded to any unreasonable calls for from the ransomware group that carried out the unauthorized entry.” Casio explains.
As for the affected providers, Casio says that almost all of them have returned to their regular working standing, though some providers haven’t but recovered.
In the meantime, though Casio’s CASIO ID and ClassPad.internet platforms are marked as unaffected by the ransomware assault, these providers additionally suffered a separate breach in October 2024.
