Japanese electronics giant Casio has confirmed that a ransomware attack earlier this month resulted in the theft of customer data.
Casio first confirmed on October 7 it had been hit by a cyberattack, but at the time did not reveal the nature of the incident that caused unspecified “system disruption” across the company. In an updated statement on Friday, the Tokyo-based electronics giant confirmed that it had been the victim of ransomware.
Casio’s statement confirms that the attackers accessed personal information belonging to Casio employees, contractors, business partners, and people who have interviewed for the company, along with sensitive company data including invoices, human resources files, and some technical information belonging to the company.
Hackers also accessed “information about some customers,” Casio said, but did not state which types of data had been accessed or how many individuals are so far affected.
Casio ruled out a compromise of credit card information, saying its Casio ID and ClassPad services were unaffected by the breach.
Casio hasn’t confirmed who is behind the attack. A ransomware and extortion racket called Underground has claimed responsibility for the breach on its dark web leak site, which TechCrunch has seen.
Underground is a relatively new ransomware and extortion group, first observed carrying out cyberattacks in June 2023. Microsoft previously linked the ransomware operation to the Russia-linked cybercriminal group known as Storm-0978 (also known as “RomCom” for use of its eponymous malware). Researchers at BlackBerry previously told TechCrunch that RomCom also carries out cyberattacks and other digital intrusions for the Russian government.
Underground said in a post on its dark web leak site that it stole more than 200 gigabytes of data from Casio, including legal documents, payroll information, and personal information of Casio employees. The group has published samples of the stolen data, seen by TechCrunch, in order to claim legitimacy of the breach, and likely in an effort to further extort the company into paying a ransom.
It’s not known whether Casio has received a ransom demand from Underground. The company declined to answer TechCrunch’s questions.
In its updated statement, Casio said the “full extent of the damage” caused by the ransomware is still being investigated. Some Casio systems remain “unusable,” according to the company.