Japanese electronics giant Casio has confirmed that the personal data of nearly 8,500 people were stolen in a ransomware attack that took place in early October, TechCrunch reports. The attackers, who are linked to a Russian hacker group, gained access to confidential information of the company's employees and business partners, Casio said in a statement.
The attack took place on 5 October and was carried out by the Underground group, known for its attacks on large organisations. The hackers gained access to more than 200 gigabytes of data from Casio's systems and disrupted part of the company's infrastructure. Information about the attack appeared on darknet forums.
The company's investigation showed that the attackers gained access to various types of confidential information. In particular, the data of 6,500 employees was compromised, including their names, numbers, email addresses, gender information, dates of birth, ID card information, family information and tax numbers. The data of 1,900 business partners was also stolen, including names, phone numbers, email addresses and ID card information. In addition, the incident affected 91 customers, although no credit card information was compromised.
‘Following the completion of the investigation, Casio would like to announce that some internal company documents, including personal information, have been made public,’ the company said in an official statement.
Cybersecurity experts have linked the Underground group to the Russian hacker group RomCom, also known as Storm-0978, which has previously carried out similar attacks. Casio confirmed that the attackers were able to infiltrate its systems through phishing attacks, exploiting weaknesses in its protection against malicious emails.
The company emphasised that it was not negotiating with the hackers. ‘We are not responding to any unreasonable demands from the group that made the unauthorised access,’ Casio said in a statement.
Casio also said that most of its affected services have been restored, although some ‘individual services’ are still unavailable. The company did not specify which services are still unavailable and has not yet provided any further comment on the extent of the breach.