Casio data breach hits users in 149 countries

News
By Sead Fadilpašić
published

Hackers stole data from a development environment

Lock on Laptop Screen
(Image credit: Shutterstock.com) (Image credit: Future)

Casio has suffered a security incident that saw data on thousands of customers spread all over the world hacked and stolen.

The company confirmed the news, saying unnamed threat actors managed to access a ClassPad.net database within its development environment. ClassPad.net is the company’s education and learning platform. 

“On the evening of Wednesday, October 11, when the person in charge attempted to work in the development environment, it was discovered that a database failure had occurred, and the company assessed the situation,” the company's announcement reads. “As the company continued to analyze the situation, it was additionally confirmed that, on the evening of Thursday, October 12, the personal information of some residents of countries other than Japan was accessed."

Thousands of entries

The data that the hackers obtained includes customer names, email addresses, countries of residence, service usage details, and purchase information such as payment methods, license codes, and order specifics. No credit card or other payment data was accessed, as it wasn’t stored in the database.

Subsequent analysis showed that the attackers took data belonging to 91,921 Japanese customers (which includes 1,108 educational institutions), and data belonging to 35,049 customers from 148 different countries.

"At this time, it has been confirmed that some of the network security settings in the development environment were disabled due to an operational error of the system by the department in charge and insufficient operational management," the company said. "Casio believes these were the causes of the situation that allowed an external party to gain unauthorized access."

The compromised database is currently unavailable to anyone outside the company, but the Classpad.net application can still be used. Casio added that it had notified law enforcement and Japan's data watchdog, and is cooperating in the investigation.

Via BleepingComputer

More from TechRadar Pro

Sead Fadilpašić

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.