Casio, an electronics giant of Japan, confirmed the ransomware attack earlier this month in which customer data was stolen.
Japanese electronics company Casio confirmed on October 7 that it indeed fell victim to a cyberattack but at the time said nothing about the nature of the incident, which is said to have caused unspecified "system disruption" across the company. In an updated statement on Friday, the Tokyo-based electronics giant confirmed it was indeed a victim of ransomware.
The personal information accessed by the attackers included those of Casio employees, business partners' staff, contractors, and also those who have had their interview application accepted was confirmed by the statement from Casio, all sensitive company data, including invoices, human resources files, and also some technical information about the company.
Hackers also had access "to information about some customers," Casio said, without saying what kinds of data had been accessed or how many people are affected so far.
Casio said it had no evidence that credit card information had been compromised, as its Casio ID and ClassPad services are not involved in the breach.
Casio has not publicly confirmed who is behind the hacking. The Underground hackers' ransomware and extortion racket claims the breach on its leak site, found on the dark web, where TechCrunch has seen it.
Underground is a relatively new ransomware and extortion group, first spied conducting cyberattacks in June 2023. Microsoft earlier linked the ransomware operation to the Russia-associated cybercrime group called Storm-0978 also commonly known as "RomCom" for use of its self-titled malware. Researchers at BlackBerry had earlier told TechCrunch that RomCom was also conducting cyberattacks and other digital intrusions on behalf of the Russian government.
Underground also published in a post to its dark web leak site that it has stolen over 200GB of data from Casio, including legal documents, payroll information, and personal information about Casio employees. To prove the legitimacy of the breach, and probably to extort more money from the company, Underground published samples of the stolen data it sent to TechCrunch for verification.
It's unclear if Underground has presented a ransom demand to Casio. Casio did not respond to messages for comment by TechCrunch.
In its last statement, Casio said that it is still investigating the "full extent of the damage" from the ransomware attack. Some Casio systems are "unusable," according to the company.