Casio, the Japanese maker of watches, calculators, and other electronic goods, is the latest company to fall victim to a major data breach.
Last Monday, the company issued a brief statement announcing that its network had been “illegally accessed by a third party” on October 5, which resulted in a “system failure.” That first announcement assured customers that the hack had been reported to authorities and was being investigated by an external agency, but was fairly sparse on further details.
Then, on Friday, Casio released an updated memo sharing more information on the attack. Here’s everything we know about the breach so far:
When did this happen?
On October 5, several Casio servers experienced “system failures.” That day, the company reports that it “took measures to shut down the servers” because it suspected a cyberattack using ransomware, which was confirmed later in the week.
“The Company consulted with the police on October 6 and with the Personal Information Protection Commission on October 7, and reported the matter by October 9,” Friday’s release reads.
This is far from the first data breach of the year. In fact, as Fast Company has previously reported, 2024 is a good year to be an identity thief and a bad year to be pretty much anyone else. According to a midyear report from the Identity Theft Resource Center, the number of data breaches in the first half of 2024 (about 1.1 billion) marked a 490% uptick over the first half of the year prior. Other notable attacks this year include breaches on Change Healthcare and Ascension, AT&T, and MoneyGram.
Who has been affected by the data breach?
According to the company, parties impacted by the breach include employees (both full-time and temporary/contract), business partners and affiliated companies, certain individuals who have interviewed with the company in the past, and “some customers who use services provided by the Company and some of affiliated companies.”
Friday’s press release does not go into detail on how many customers were impacted, and the company did not respond to Fast Company’s request for comment at the time of this writing.
What kind of information was stolen?
Unspecified “personal information” from all of the above parties may have been leaked. Additionally, the company suspects that documents like contracts, invoices, and sales information associated with business partners may have been taken, alongside internal documents like legal and financial information.
Who is responsible for the attack?
Casio has yet to officially confirm the party behind the attack. However, according to reporting from TechCrunch, the ransomware and extortion group Underground has claimed responsibility for the breach on its dark web leak site.
If I may have been impacted by the breach, what are my next steps?
The company has not yet provided actionable next steps for impacted parties. As a general rule, experts recommend immediately replacing your important passwords, scanning your devices for malicious software, and enabling two-factor authentication on your devices as a few first steps. Check out our full guide on protecting yourself from data hacks here.
Correction: An earlier version of this story incorrectly stated that CrowdStrike suffered a data breach this year. It suffered an outage related to a software update.