Casio has confirmed that a ransomware attack earlier this month led to the theft of personal and confidential data belonging to its employees, job candidates, and some customers.

The company acknowledged the breach after facing system disruptions and service outages, caused by unauthorised access to its networks over the weekend.

The Underground ransomware group has claimed responsibility for the attack, releasing documents allegedly stolen from the Japanese technology firm’s systems. Following this leak, Casio issued a statement confirming that sensitive data had indeed been compromised.

Data compromised in the attack

Casio’s ongoing investigation has identified several types of information that were likely stolen in the ransomware attack. This includes personal data of both permanent and temporary employees of Casio and its affiliated companies, as well as personal details of business partners linked to Casio and its subsidiaries.

Information about individuals who have previously interviewed for roles at Casio was also compromised, along with personal data of customers using services provided by Casio and its affiliates. Additionally, details of contracts with current and past business partners, financial data related to invoices and sales transactions, and documents containing legal, financial, human resources, audit, sales, and technical information from within Casio and its affiliates were accessed during the breach.

Casio clarified that customer payment data, including credit card information, was not compromised in the breach as such information is not stored on its systems. Furthermore, the company assured users that its service systems, such as CASIO ID and ClassPad.net, were not affected as they are hosted on separate infrastructure that was not impacted by the attack.

As the investigation continues, Casio anticipates the scope of the breach could expand. Individuals who may be affected are advised to remain cautious of unsolicited emails and phishing attempts. Casio has also urged the public to refrain from sharing any leaked information online, noting that doing so could worsen the situation for those impacted by the data breach.

“Please refrain from spreading this information through social media, etc., as it could increase the damage caused by the leak of information on this case, violate the privacy of those affected, have serious effects on their lives and businesses, and encourage crime”, Casio, in an updated statement, warned.

Authorities, including Japan’s Personal Information Protection Commission and the police, have been informed of the situation. Investigations are ongoing as efforts to remediate the breach and mitigate further damage continue.

Read more: Fidelity Investments reports data breach, impacting more than 77,000 customers