Casio Confirms Ransomware Attack, Customer Data Compromised

Casio has confirmed that it fell victim to a ransomware attack that led to the theft of  data belonging to customers, employees, and business partners. While the investigation is ongoing, the company has stated that sensitive information such as credit card data was not compromised.

On Oct. 8, Casio publicly announced the cyberattack. Initially, the company did not provide specifics about the incident but noted that it caused “system outages” across several departments. A later statement clarified that ransomware was used in the attack.

The attackers gained access to personal information of employees, contractors, business partners, and individuals interviewed by the company. They also stole confidential documents, including invoices, human resources files, and technical data. However, Casio assured that credit card information and services like Casio ID and ClassPad remained unaffected.

Despite these assurances, TechCrunch reported that Casio has not disclosed how many individuals were impacted or the exact scope of the stolen data. The company is currently evaluating the full impact of the breach, and some systems remain offline, indicating ongoing repercussions.

A ransomware group called Underground has claimed responsibility for the attack. This group was first observed in June 2023 and is linked to Storm-0978, a Russian cybercriminal group known as RomCom. Microsoft and BlackBerry have associated this group with cyberespionage activities. 

Underground claims to have stolen more than 200 gigabytes of data from Casio, including legal documents, payroll information, and personal employee information. The group also claims to have posted samples of the stolen data on the dark web.

As of now, Casio has not confirmed whether it received a ransom demand. The company has refrained from commenting on the situation and has not answered media inquiries regarding possible negotiations.