'HACKED': Hacker defaces Seiko USA website and claims theft of 'entire customer database' – here's what we know

News
By published

Seiko has not yet confirmed the incident

A hand holding a credit card in front of a laptop screen with Matrix-style data on it
(Image credit: Getty Images)
  • Seiko USA website defaced; attackers claim Shopify backend breach
  • Threat actors allege theft of full customer database, demand ransom within 72 hours
  • No dark web leak yet; unclear if Seiko negotiated or if attackers were bluffing, company previously hit by BlackCat ransomware in 2023

Premium watch manufacturer Seiko has had its US website defaced over the weekend in an incident in which it allegedly also lost sensitive customer data.

Last weekend, the “Press Lounge” section of the Seiko USA website displayed a new page called “HACKED”. In it, the unnamed threat actors said they accessed the company’s Shopify backend and pulled sensitive customer information.

"This is an urgent security notification regarding your Shopify store. Your customer database has been compromised," the page allegedly said. "We have successfully breached your Shopify store's security systems and downloaded the entire customer database."

Article continues below

Demanding negotiations

Without showing a sample of the stolen files, the threat actors said they obtained people’s names, email addresses, phone numbers, purchase records, transaction details, addresses, shipping preferences, account creation dates, and various customer notes.

They gave the company 72 hours to reach out and negotiate paying a ransom, otherwise the crooks would publish the stolen treasure on the dark web. They told the company to look for a specific customer account inside the Shopify admin panel (ID 8069776801871), and use the email associated with that account to begin negotiations.

Seiko has not yet issued an official statement regarding the attack. It did restore its website, though.

Even though the weekend is already behind us, the data has not yet surfaced anywhere on the dark web. Furthermore, no threat actors claimed responsibility for the attack. It could mean that Seiko came to an agreement with the attackers, or that the miscreants were simply bluffing and never had any data to begin with.

The company is no stranger to ransomware attacks. Back in July 2023, it was struck by the infamous BlackCat ransomware gang and lost 60,000 “items of personal data” from three departments - Group, Watch, and Instruments. The data included names, phone numbers, email addresses, and postal addresses.

Via BleepingComputer

Best antivirus software header
The best antivirus for all budgets

➡️ Read our full guide to the best antivirus
1. Best overall:
Bitdefender Total Security
2. Best for families:
Norton 360 with LifeLock
3. Best for mobile:
McAfee Mobile Security

Google logo on a black background next to text reading 'Click to follow TechRadar'

Follow TechRadar on Google News and add us as a preferred source to get our expert news, reviews, and opinion in your feeds.

Sead Fadilpašić

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.

You must confirm your public display name before commenting

Please logout and then login again, you will then be prompted to enter your display name.