Japanese electronics giant Casio has officially confirmed that a ransomware attack earlier this month resulted in the unauthorized theft of sensitive customer and corporate data. The company, which initially reported a “system disruption” on October 7, disclosed the true nature of the security incident in an updated statement released on Friday.
Scope of the Compromised Data
The breach has exposed a wide array of personal and professional information. According to Casio, the attackers successfully accessed data belonging to employees, contractors, business partners, and individuals who had previously interviewed with the company. Furthermore, internal files—including human resources records, invoices, and technical documentation—were compromised.
While Casio acknowledged that “information about some customers” was accessed, the company has yet to clarify the specific categories of data involved or the total number of affected individuals. However, the firm stated that its Casio ID and ClassPad services remain unaffected, and it has explicitly ruled out the compromise of credit card information.
The Underground Ransomware Group
Although Casio has not officially named the perpetrators, the ransomware group known as “Underground” has claimed responsibility for the attack on its dark web leak site. The group alleges that it successfully exfiltrated over 200 gigabytes of data, providing samples of stolen legal and payroll documents to substantiate their claims.
Security researchers have previously linked the Underground operation to the Russian-linked cybercriminal group Storm-0978, also identified as “RomCom.” BlackBerry analysts have further suggested that this entity conducts digital intrusions aligned with the interests of the Russian state, raising the profile of this incident beyond simple criminal extortion.
Ongoing Recovery and Investigation
Casio is currently working to determine the full scale of the breach as the investigation continues. Despite efforts to restore operations, the company confirmed that some systems remain “unusable” at this time.
When asked whether a formal ransom demand had been received or if negotiations were underway, Casio declined to comment. The company continues to monitor the situation to mitigate further risks to its partners and staff.