Japanese electronics giant Casio has completed its investigation into the data breach caused by a recent ransomware attack and found that thousands of individuals are impacted.

The company revealed in early October 2024 that some systems had failed and some services had been disrupted as a result of unauthorized access to its network. 

A few days later it confirmed that it had been targeted in a ransomware attack that resulted in personal information and confidential corporate files getting stolen. 

Casio has now completed its forensic investigation and determined exactly what type of data has been compromised, as well as how the attackers gained access to its systems.

The company’s report indicates that the attackers gained access through vulnerabilities in overseas offices. It suggests that initial access was achieved with the aid of phishing emails. 

Casio has confirmed that corporate documents and other internal data was compromised, mainly taken from servers hit by the ransomware. 

Employees’ personal information and information on some business partners and customers was also taken by the cybercriminals. Nearly 6,500 employees from Japan and other countries are impacted. The exposed information includes name, email address, gender, date of birth, and taxpayer ID — different types of information was compromised for different employees.

Casio said roughly 1,900 business partners are impacted, including information such as name, representative, email address, phone number, company name and contact details, and — in a couple of cases — ID cards. 

In terms of customers’ personal information, the name, phone number, address, date of purchase, and product name of 91 customers who acquired products in Japan and needed delivery and installation was impacted. 

However, Casio noted, “No evidence of data theft was found in the customer database or in the system that handles customers’ personal information.”

In addition, Casio found that invoices, contracts, sales documents, meeting and internal review materials, and data related to internal systems was also stolen by the cybercriminals. Payment card information was not included in the compromised files.

A ransomware group named Underground took credit for the attack and threatened to leak stolen files shortly after the data breach came to light. 

The cybercriminals claim to have stolen over 200 Gb of data from Casio and they appear to have made at least some of it available for download by anyone who can access their Tor leak website. 

Related: IT Giant Atos Responds to Ransomware Group’s Data Theft Claims

Related: Washington Attorney General Sues T-Mobile Over 2021 Data Breach