Japanese electronics manufacturer Casio says that the October 2024 ransomware incident exposed the personal data of approximately 8,500 people.

The affected individuals are primarily Casio employees and business partners, but there was a small set of customer personal information in the exposed data.

Underground ransomware attack

The cyberattack occurred on October 5, when ransomware actors employing phishing tactics compromised the company’s network and caused an IT systems outage.

On October 10, the attack was claimed by the Underground ransomware gang, which threatened to disclose confidential documents, financial files, project information, and employee data unless a ransom was paid.

Soon after, Casio confirmed that Underground had stolen the personal data of employees, partners, and customers. However, the company did not provide the number of affected people.

With the investigation now completed, Casio is in a position to give the full details of the data breach scope.

The latest announcement from the company lists the following exposed data:

• Employees (6,456 individuals): Name, employee number, email address, affiliation, gender, date of birth, family details, address, phone number, taxpayer ID numbers, and HQ system account information.
• Business partners (1,931 individuals): Name, email address, phone number, company name, company address, and ID card information for some.
• Customers (91 individuals): Delivery address, name, phone number, date of purchase, and product name for items requiring delivery and installation.
• Other leaked data: Internal documents, including invoices, contracts, and meeting materials.

As impacted individuals are identified, they will receive personalized notices about the incident from Casio.

Although some employees received unsolicited emails believed to be linked to the ransomware incident and sensitive data exposure, the company says there has been no secondary damage to them, their partners, or customers as of yet.

Casio specified that no customer data or credit card information had been exposed to Underground ransomware, as their databases holding customer information were not impacted by this incident.

The Japanese firm also made it clear that they did not negotiate with the cybercriminals.

“Following consultation with law enforcement agencies, outside counsel and security experts, Casio has not responded to any unreasonable demands from the ransomware group that carried out the unauthorized access,” explains Casio.

As for the impacted services, Casio says that most of them have returned to normal operational status, though some services have not been recovered yet.

Meanwhile, although Casio’s CASIO ID and ClassPad.net platforms are flagged as not impacted by the ransomware attack, those services also suffered a separate breach in October 2024.