Casio UK e-store breached, customer credit cards stolen
Casio UK's online store (casio.co.uk) was breached by hackers who installed malicious credit card skimming scripts.
The incident occurred between January 14 and 24, 2025, and was discovered by security researchers at Jscrambler, who notified Casio on January 28, 2025. The malicious script was removed within 24 hours of notification.
The attack exploited Magento vulnerabilities and used a two-stage skimmer approach:
- First stage: a simple skimmer planted on the website
- Second stage: dynamic loading from a Russian hosting provider (ru-jsciot)
The code was obfuscated using custom encoding and XOR-based string concealing. The attackers created a fake checkout form that would capture customer data before redirecting to the legitimate checkout page. The stolen data was encrypted using AES-256-CBC before being sent to servers with Russian IP addresses.
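The two-stage pattern described above leaves two things a defender can look for in a checkout page's HTML: script sources on hosts the store never approved, and inline code that injects a script element at runtime. The following is an added example, not code from the original report or from Casio or Jscrambler; the allowlist, the sample HTML and the function name `auditScripts` are constructed for illustration, and the regex scan is a heuristic rather than a full HTML parser.

```javascript
// Added example: heuristic audit of a saved checkout page for script loading
// outside an allowlist. ALLOWED_HOSTS and SAMPLE_HTML are constructed values.
const ALLOWED_HOSTS = new Set(["shop.example", "cdn.shop.example"]);

// Constructed sample: one approved script, one external script from an
// unlisted host, and one inline loader that injects a script at runtime.
const SAMPLE_HTML = `
<html><head>
<script src="https://cdn.shop.example/js/checkout.js"></script>
<script src="//static.unlisted.example/lib.js"></script>
<script>var s=document.createElement("script");s.src=u;document.head.appendChild(s);</script>
</head><body><form id="checkout"></form></body></html>`;

function auditScripts(html, pageUrl, allowedHosts) {
  const findings = [];
  const scriptRe = /<script\b([^>]*)>([\s\S]*?)<\/script\s*>/gi;
  let m;
  while ((m = scriptRe.exec(html)) !== null) {
    const [, attrs, body] = m;
    const src = /\bsrc\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s>]+))/i.exec(attrs);
    if (src) {
      const raw = src[1] ?? src[2] ?? src[3];
      let host;
      try {
        // Resolves relative and protocol-relative URLs against the page URL.
        host = new URL(raw, pageUrl).hostname;
      } catch {
        findings.push({ type: "unparseable-src", detail: raw });
        continue;
      }
      if (!allowedHosts.has(host)) {
        findings.push({ type: "external-script", detail: host });
      }
    } else if (/createElement\s*\(\s*["']script["']\s*\)/i.test(body)) {
      // Inline code that builds a <script> element at runtime needs manual
      // review: the target URL may be assembled from concealed strings.
      findings.push({ type: "dynamic-loader", detail: body.trim().slice(0, 60) });
    }
  }
  return findings;
}

console.log(auditScripts(SAMPLE_HTML, "https://shop.example/checkout", ALLOWED_HOSTS));
```

Run against periodic snapshots of the rendered checkout page, a new finding of either type is a change worth investigating even when the script body itself is unreadable.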
The stolen sensitive information includes:
- Billing addresses
- Email addresses
- Phone numbers
- Credit card holder names
- Credit card numbers
- Credit card expiration dates
- Credit card CVV codes
The number of affected customers and any fraudulent charges or financial impact have not been disclosed. It's also unclear whether Casio has reported this incident to the affected customers.