In an incident report published on October 25 (the third one in the series), the company said that its investigation confirmed 60,000 “items of personal data” were stolen from three departments - Group, Watch, and Instruments.
The company first sounded the alarm on August 10, when it said someone accessed at least one of its servers. Two weeks later, the BlackCat ransomware group, also known as ALPHV, claimed responsibility for the attack by adding the Japanese giant to its extortion site and sharing a few samples of the data collected. The samples included production plans, employee passport scans, new model release plans, and specialized lab test results.
Now, the company analyzed the data that was taken and confirmed BlackCat took customer information (names, addresses, telephone numbers, and/or email addresses), contact information for counterparties involved in business transactions with Group, Watch, and Instruments, (names, company affiliation, job title, company address, company phone number, and/or company email address), information from people that applied for job positions (names, addresses, phone numbers, email addresses, and/or educational background information), and some employee information (names, email addresses).
Customer payment information such as credit card data was not taken, Seiko confirmed. The company said it will continue working with cybersecurity firms to tighten up on the security of its systems, continue analyzing the cause of the breach, and engage in “targeted security enhancement” to make sure such an incident never happens again.
Some reports claimed BlackCat bought the access from an initial access broker (IAB) a day before the company spotted the attack.
Seiko concluded the report by saying it would notify everyone impacted by the breach individually.
More from TechRadar Pro
- The Samsung Galaxy S23 just got hacked big time - should you be worried?
- Here's a list of the best malware removal tools today
- These are the best ID theft protection around
Are you a pro? Subscribe to our newsletter
Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!
Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.