View all newsletters
Receive our newsletter - data, insights and analysis delivered to you
  1. Technology
  2. Cybersecurity
August 21, 2023updated 22 Aug 2023 9:55am

Ransomware gang BlackCat posts watch company Seiko to its victim blog

BlackCat posted luxury watchmaker Seiko to its victim blog this morning, following the latter's announcement of a breach earlier this month.

By Claudia Glover

Global luxury watch brand Seiko has been breached by the ransomware group BlackCat, according to the gang’s website. Also known as ALPHV, the organisation released several tranches of what appears to be confidential data stolen from the Japanese watchmaking firm, including schematics on an unreleased watch model.

Seiko has been aware of the breach for some weeks. Earlier this month, the firm announced that it had been hit by a ‘possible data breach’ on July 28th, adding that an ‘as-yet-unidentified party had gained unauthorised access to at least one of [its] servers.’ The alert went on to explain that an investigation into the incident had been launched, and apologised to anyone suffering any effects of the breach.

A close-up of a Seiko-manufactured wristwatch.
A close-up of a Seiko-manufactured wristwatch. The Japanese watchmaker was recently claimed as the latest victim of BlackCat on the ransomware gang’s website. (Photo by Strahlengang/Shutterstock)

Founded in 1975 and headquartered in Tokyo, Japan, Seiko employs over 12,000 staff and as of March 2023 boasted an annual profit of $824.97mn. The data from the company posted on BlackCat’s victim portal includes plans for a new watch called the Seiko Transformer and the passport of the director of the Watch Corporation, a Seiko subsidiary. There is no mention on the portal about a deadline for negotiations or a possible ransom. Seiko did not respond to requests for comment. 

Who is BlackCat?

BlackCat is a notorious, Russian-speaking ransomware gang that is best known for attacking healthcare providers, financial institutions, government departments and the education sector. Its payloads are written in the Rust programming language, which makes it harder for ransomware researchers to track them.

BlackCat is thought by many to be a possible rebranding of DarkSide, the gang behind the hacking of the Colonial Pipeline in 2021, an incident that forced the US federal government to invoke emergency powers to guard against unexpected fuel shortages. According to the FBI, the gang’s operators include many developers and money launderers who migrated from the DarkSide ransomware platform.

BlackCat has posted confidential data stolen from several companies to its victim portal in recent months, including, in May, 6GB of data was purloined from Munster University in Ireland. In June, Bart’s Health NHS Trust also made an appearance, after the gang claimed it had lifted 70 terabytes of data from the medical organisation. Later that month, BlackCat additionally claimed to have attacked Reddit, demanding that the social media site pay a ransom of $4.5m for the data the gang had stolen and for the site to withdraw its controversial API policy.

Content from our partners
Scan and deliver
GenAI cybersecurity: "A super-human analyst, with a brain the size of a planet."
Cloud, AI, and cyber security – highlights from DTX Manchester

Read more: Barts Health NHS Trust appears on BlackCat ransomware gang’s victim blog

Topics in this article :
Websites in our network
Select and enter your corporate email address Tech Monitor's research, insight and analysis examines the frontiers of digital transformation to help tech leaders navigate the future. Our Changelog newsletter delivers our best work to your inbox every week.
  • CIO
  • CTO
  • CISO
  • CSO
  • CFO
  • CDO
  • CEO
  • Architect Founder
  • MD
  • Director
  • Manager
  • Other
Visit our privacy policy for more information about our services, how Progressive Media Investments may use, process and share your personal data, including information on your rights in respect of your personal data and how you can unsubscribe from future marketing communications. Our services are intended for corporate subscribers and you warrant that the email address submitted is your corporate email address.