Casio reports cybersecurity breach leading to IT systems failures

Casio Computer Co., Ltd., a Japanese technology company known for its watches, calculators, and musical instruments, has reported a cybersecurity incident following an unauthorized network breach.

The incident was detected on October 5, 2024 and involved unauthorized access to Casio's network by a third party, resulting in IT system disruptions. Certain services are reported as currently unavailable due to the system disruption. However, Casio has not specified which services are affected.

Casio has launched an internal investigation into the breach and is working with external cybersecurity experts to assess the extent of the incident.

It is not yet clear if any personal or confidential data was accessed or stolen. Casio has emphasized that further details will be disclosed after the investigation is complete.

Update - as of 10th of October 2024, the Underground ransomware gang has claimed responsibility for a cyberattack on Casio. The ransomware group has since added Casio to its dark web extortion portal, releasing what it claims to be data stolen from the company. The leaked data allegedly includes:

• Confidential documents labeled 社外秘 (Japanese for "Confidential"),
• Legal documents,
• Employee personal data,
• Non-Disclosure Agreements (NDAs),
• Employee payroll information,
• Patent information,
• Financial documents,
• Project information,
• Incident reports

As of 11th of October 2024, the Underground ransomware group leaked data allegedly stolen from Casio on its dark web portal. Shortly after, Casion confirmed the breach and stolen information.

As of 7th of January 2025, Casio reports comprehensive details about the attack. The incident resulted in the exposure of personal data belonging to 8,500 individuals, primarily consisting of employees and business partners.

The exposed data affected three main categories

• Employees (6,456 individuals):
  • Names
  • Employee numbers
  • Email addresses
  • Affiliations
  • Gender
  • Dates of birth
  • Family details
  • Addresses
  • Phone numbers
  • Taxpayer ID numbers
  • HQ system account information
• Business Partners (1,931 individuals):
  • Names
  • Email addresses
  • Phone numbers
  • Company names
  • Company addresses
  • ID card information (for some individuals)
• Customers (91 individuals):
  • Delivery addresses
  • Names
  • Phone numbers
  • Dates of purchase
  • Product names (for items requiring delivery and installation)

Additional compromised information included internal documents such as invoices, contracts, and meeting materials. The company claims that customer databases containing credit card information were not impacted by this incident.

This is not the first time Casio has faced a cybersecurity incident. About a year ago, hackers accessed the servers of Casio’s ClassPad education platform, compromising customer data from 149 countries.