Casio Apologizes to Consumers After Data Stolen in Cyberattack

Hackers have breached Casio’s servers, making off with the personal information of more than 128,000 consumers, as well as data belonging to business partners.

According to the electronics maker, a “database failure” discovered by an employee last week led to unknown miscreants accessing the information of:

·      91,921 items belonging to Japanese customers

·      35,049 items belonging to customers from 148 other countries and regions

·      1,108 educational institution customers

“At this time, it has been confirmed that some of the network security settings in the development environment were disabled due to an operational error of the system by the department in charge and insufficient operational management,” according to the notice. “Casio believes these were the causes of the situation that allowed an external party to gain unauthorized access.”

Data leak

Casio’s investigation revealed that the attackers exfiltrated names, email addresses, country/region of residence, purchase information (order details, payment method, license code), service usage information, including log data and nicknames.

The attack leveraged weaknesses in a database in the development environment for “ClassPad.net,” an academic web application managed and operated by the Nippon behemoth.

“As a result, the personal information of some customers in and outside Japan, stored in the database, was accessed and leaked,” the notice says. “Casio has confirmed that there is no evidence of any unauthorized intrusion into assets other than the database in the development environment.”

Casio claims it does not retain credit card information on its servers – at least not on the affected server in this case – so customer payment info should not be at risk.

The company promises to “contact all customers whose personal information may have been accessed by email or other means,” and avoid such incidents in the future as it works to “strengthen technical safety management by implementing security enhancement measures for network routes and databases.”

“In terms of operational management, Casio will implement thorough safety management measures, including reviewing security operational rules and continuing employee training on security measures,” it notes, indicating that whoever was behind the attack leveraged at least some degree of human error inside the company to achieve their objective.

“Casio deeply apologizes for the great inconvenience and concern this incident causes our customers and everyone involved,” the firm adds.

The attackers did not access the ClassPad.net app and “it is available for use as usual,” according to the advisory.

What to do if you’re a ClassPad user

Casio’s notice falls short of giving out instructions on how to protect leaked data, but hopefully the emails going out to affected users will.

In the meantime, if you use any of your ClassPad login information on other services, be sure to change those credentials with those services as well. Consider using a password manager to avoid having to recycle user names and passwords. It helps secure your login information on other platforms in case your data gets leaked in a breach like this.

Keep an eye out for fraudsters and phishers impersonating Casio or other brands. Never give away personal, financial or login information by email, phone, or SMS. For more peace of mind, consider employing a digital identity protection tool and a dedicated security solution on all your devices.