Tuesday, December 3, 2024
HomeCyber Security NewsCasio Hacked: Customers' Personal Details Exposed

Casio Hacked: Customers’ Personal Details Exposed

Published on

SIEM as a Service

Casio Computer Co., Ltd. has apologized for a data leak due to unauthorized server access. 

The server contained the personal information of customers who registered for its educational web service, “ClassPad[.]net.” The leak affected customers both in Japan and abroad.

The company expressed deep regret for the trouble and worry this incident caused its customers and stakeholders. 

- Advertisement - SIEM as a Service

The company admitted that it failed to prevent the breach, which was a serious violation of its security standards.

The breach was caused by an external cyber-attack that targeted a database in the development environment for “ClassPad[.]net.” 

The attackers were able to access and leak the personal information of some of Casio’s customers. However, no other assets besides this database were compromised.

Document
FREE Demo

Deploy Advanced AI-Powered Email Security Solution

Implementing AI-Powered Email security solutions “Trustifi” can secure your business from today’s most dangerous email threats, such as Email Tracking, Blocking, Modifying, Phishing, Account Take Over, Business Email Compromise, Malware & Ransomware

Background of the Incident

The breach was discovered on the night of Wednesday, October 11, when Casio’s development team noticed a database failure in the ClassPad.net environment. 

Upon further investigation, they found that on Thursday, October 12, customers’ personal information outside Japan had been accessed and leaked.

The investigation revealed that some network security settings in the development environment had been turned off due to an operational mistake by the company’s system management department. 

The lack of proper operational management and supervision was the main reason for the breach, which allowed an external entity to exploit these weaknesses.

Casio took immediate action to deal with the breach. All databases in the development environment affected by the attack have been made inaccessible from outside the environment. 

The incident has been reported to Japan’s Personal Information Protection Commission and JUAS, the “PrivacyMark” certification organization. 

Casio has consulted with external security experts to conduct further investigations and implement necessary measures. The company is also considering legal actions, including cooperation with law enforcement agencies. Moreover, 

Casio is working with the police in their ongoing investigation.

The data breach exposed the following personal information:

  1. Customer names
  2. Customer email addresses
  3. Country/region of residence
  4. Purchasing information (order details, payment method, license code, etc.)
  5. Service usage information (log data, nicknames, etc.)
  6. Credit card information was not stored.

The number of individuals affected by the breach was large:

  • Customers in Japan: 91,921 items, including 1,108 educational institution customers and individual customers.
  • Customers outside Japan: 35,049 items from 148 countries and regions.

Casio is contacting all customers whose personal information may have been leaked through email and other means. They have set up a dedicated contact point for inquiries from affected customers.

Service Availability

There was no unauthorized access to the “ClassPad.net” application itself. It is still available for use as normal.

Future measures

In its recent notice, Cisco mentioned that it plans to improve its technical safety management by strengthening its security for network routes and databases.

It will also review its operational procedures and enhance its employee education and training. 

And do their best to restore trust and prevent recurrence of such incidents

Protect yourself from vulnerabilities using Patch Manager Plus to patch over 850 third-party applications quickly. Take advantage of the free trial to ensure 100% security.

Gurubaran
Gurubaran
Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.

Latest articles

PEFT-As-An-Attack, Jailbreaking Language Models For Malicious Prompts

Federated Parameter-Efficient Fine-Tuning (FedPEFT) is a technique that combines parameter-efficient fine-tuning (PEFT) with federated...

Hackers Cloning Websites, Exploiting RCE Flaws To Gain Access To Shopping Platforms

Cybercriminals are leveraging AI-powered phishing attacks, website cloning tools, and RCE exploits to target...

Hackers Exploited Windows Event Logs Tool log Manipulation, And Data Exfiltration

wevtutil.exe, a Windows Event Log management tool, can be abused for LOLBAS attacks. By...

Threat Actors Allegedly Claims Breach of EazyDiner Reservation Platform

Reports have emerged of a potential data breach involving EazyDiner, a leading restaurant reservation...

API Security Webinar

72 Hours to Audit-Ready API Security

APIs present a unique challenge in this landscape, as risk assessment and mitigation are often hindered by incomplete API inventories and insufficient documentation.

Join Vivek Gopalan, VP of Products at Indusface, in this insightful webinar as he unveils a practical framework for discovering, assessing, and addressing open API vulnerabilities within just 72 hours.

Discussion points

API Discovery: Techniques to identify and map your public APIs comprehensively.
Vulnerability Scanning: Best practices for API vulnerability analysis and penetration testing.
Clean Reporting: Steps to generate a clean, audit-ready vulnerability report within 72 hours.

More like this

PEFT-As-An-Attack, Jailbreaking Language Models For Malicious Prompts

Federated Parameter-Efficient Fine-Tuning (FedPEFT) is a technique that combines parameter-efficient fine-tuning (PEFT) with federated...

Hackers Cloning Websites, Exploiting RCE Flaws To Gain Access To Shopping Platforms

Cybercriminals are leveraging AI-powered phishing attacks, website cloning tools, and RCE exploits to target...

Hackers Exploited Windows Event Logs Tool log Manipulation, And Data Exfiltration

wevtutil.exe, a Windows Event Log management tool, can be abused for LOLBAS attacks. By...