Casio suffered a security incident in which data from thousands of customers around the world was hacked and stolen.
The company confirmed the news, saying that unnamed threat actors managed to gain access to a ClassPad.net database within the development environment. ClassPad.net is the company’s teaching and learning platform.
“On the evening of Wednesday, October 11, when the responsible person attempted to work in the development environment, it was discovered that a database error had occurred and the company assessed the situation,” the company’s announcement said. “In addition, as the company continued to analyze the situation, it was confirmed that on the evening of Thursday, October 12, the personal information of some residents of countries other than Japan had been accessed.”
Thousands of entries
The data obtained by the hackers includes customer names, email addresses, country of residence, service usage details, and purchasing information such as payment methods, license codes, and order details. No credit card or other payment information was accessed as it is not stored in the database.
Subsequent analysis revealed that the attackers had captured data from 91,921 Japanese customers (including 1,108 educational institutions) and data from 35,049 customers from 148 different countries.
“It is currently confirmed that some network security settings in the development environment have been disabled due to a system operational error by the responsible department and insufficient operational management,” the company said. “Casio believes these were the causes of the situation that allowed a third party to gain unauthorized access.”
The compromised database is currently unavailable to anyone outside the company, but the Classpad.net application can still be used. Casio added that it had notified law enforcement and Japan’s data watchdog and is cooperating with the investigation.
Through BleepingComputer