Japanese consumer electronics giant Casio has confirmed that the personal data of approximately 8,500 people was stolen in a ransomware attack in October.
Casio was the target of a ransomware attack on October 5th, in which hackers accessed sensitive data and rendered many of the company's systems unusable. The attack was carried out by the Underground ransomware group, which claimed to have stolen over 200 gigabytes of data from Casio's systems, according to a dark web post seen by TechCrunch.
In an update posted on Tuesday, Casio said a hacker group that security experts associate with the Russia-linked cybercrime group known as RomCom (or Storm-0978) was responsible for approximately He admitted to accessing the personal information of 8,500 people.
In an update, Casio said, “Once we have completed as much investigation as possible, we would like to report that some internal documents containing personal information have been leaked.''
Casio said the breach affected data for approximately 6,500 employees and included information such as names, employee numbers and email addresses. Some employees' gender information, dates of birth, ID card data, family data, and tax ID numbers were also compromised.
The hackers also accessed the names, email addresses, phone numbers, and ID card information of more than 1,900 Casio business partners, as well as the personal information of 91 customers.
Casio announced that its systems that handle customers' personal information were not affected by this incident, and that no credit card information was leaked.
Casio acknowledged in an update on Tuesday that hackers had phishing techniques to gain entry due to “several deficiencies in the company's measures against phishing emails.” The company also admitted that it did not negotiate with the hackers who carried out the attack, saying it “did not respond to unreasonable demands from the ransomware group that carried out the unauthorized access.”
Casio said services affected by the ransomware incident are back online “with the exception of some individual services.” It is unclear which services will continue to be unavailable. The company did not immediately respond to TechCrunch's questions.