Casio Ransomware Attack Impacted Over 8K People
Some Casio employees reported receiving spam messages that may be related to the incident.
Casio, a large manufacturer of electronics ranging from mobile devices to cameras, revealed on Tuesday that an October ransomware attack impacted the data of almost 8,500 people and stemmed from a phishing attack. The attack, which resulted in a data leak of some of the company’s internal documents, was claimed by a ransomware group called Underground, which said it had stolen more than 200 gigabytes of data, according to TechCrunch.
“The investigation revealed that the cause of the incident was that, despite Casio's efforts to strengthen system security in response to the recent increase in cyberattacks, there were some deficiencies in the company's measures against phishing emails and its global network security system, including its overseas offices, it was unable to counter the cunning ransomware attacks from overseas,” according to Casio’s security incident report.
Key Details:
- The attack started on Oct. 5, 2024, after threat actors used phishing emails as an initial access vector, eventually gaining unauthorized access to Casio’s servers and stealing internal documents.
- Casio said that the compromised documents included personal information about employees, business partners and customers, as well as data related to invoices, meeting materials and internal systems.
- While customer data was part of the stolen internal documents, Casio said there’s no evidence of data theft from its overall customer database or from the system that handles customer personal information.
Compromised Information: The stolen information is personal and can help threat actors in their social engineering tactics, opening the door to future phishing attacks. Casio said that so far, some employees reported receiving unsolicited spam emails that may be related to the incident.
The incident impacted the personal information of 6,456 Casio employees (along with ex-employees and contract workers), including their names, employee numbers, email addresses, dates of birth, family member names, addresses, taxpayer ID numbers and more. The information of 1,931 people associated with Casio’s business partners was also impacted, including names, emails, phone numbers, company names and addresses, and (in limited cases) information on ID cards. Finally, the data of 91 customers was part of the attack, including the names, delivery addresses and dates of purchase for customers who purchased items in Japan that needed delivery and installation. No credit card information was part of the compromised data.
The Big Picture: Casio said that most of its services are up and running again after the attack, with “the exception of some individual services.” The company said it has “not responded to any unreasonable demands from the ransomware group that carried out the unauthorized access.”