Did you hear about the recent cyberattack on Casio? The company has now confirmed that it suffered a ransomware attack earlier this month. Worse still, the personal and confidential data of employees, job candidates, and some customers was also stolen. We want to help you understand the implications of such attacks and how to protect your own information.

Details of the Casio Ransomware Attack

The attack came to light when Casio warned that it was facing system disruption and service outages due to unauthorized access to its networks during the weekend. The Underground ransomware group later claimed responsibility for the attack, leaking various documents allegedly stolen from the Japanese tech giant’s systems. Today, Casio has published a new statement admitting that sensitive data was indeed stolen during the attack on its network.

What Information Was Compromised?

According to Casio’s ongoing investigation, the following information has been confirmed as likely compromised:

• Personal data of both permanent and temporary/contract employees of Casio and its affiliated companies.
• Personal details related to business partners of Casio and certain affiliates.
• Personal information of individuals who have interviewed for employment with Casio in the past.
• Personal information related to customers using services provided by Casio and its affiliated companies.
• Details related to contracts with current and past business partners.
• Financial data regarding invoices and sales transactions.
• Documents that include legal, financial, human resources planning, audit, sales, and technical information from within Casio and its affiliates.

However, Casio has clarified that customer data exposed in the breach does not include credit card information, as payment data isn’t stored on its systems. Additionally, the company says service systems like CASIO ID and ClassPad.net were not affected by the incident, as they are not hosted on the breached server infrastructure.

What Can You Do?

As the investigation continues, the scope of the impact may broaden. If you believe you may be affected, remain vigilant against unsolicited emails. Casio also requests internet users to avoid sharing any leaked information online, as doing so only worsens the situation for those affected by the data breach. In their updated statement, Casio says, “Please refrain from spreading this information through social media, etc., as it could increase the damage caused by the leak of information on this case, violate the privacy of those affected, have serious effects on their lives and businesses, and encourage crime.”

The police and Japan’s Personal Information Protection Commission have been informed about the situation since earlier this week. Authorities are now involved in the investigations and remediation efforts.

Stay Informed and Stay Safe

Unfortunately, cyberattacks like the one on Casio are becoming all too common. It’s crucial for everyone to stay informed about cybersecurity and take steps to protect their personal information. Keep coming back to learn more about the latest developments in cybersecurity and how you can safeguard your information from cyber threats. If you have any questions or concerns, don’t hesitate to reach out to us for assistance.

Big news in the cybersecurity world: Marriott International and its subsidiary Starwood Hotels are on the hook for $52 million, plus the creation of a comprehensive information security program, as part of a settlement for data breaches that affected more than 344 million customers.

What does this mean for you, the U.S. consumer? For starters, Marriott and Starwood will have to implement a robust security program and allow customers to request personal data deletions.

And there’s more: The American hospitality giant has also agreed to pay $52,000,000 to 49 states to resolve claims related to these data breaches.

So, what happened with Marriott?

Marriott International is a major player in the hospitality industry, managing and franchising a huge portfolio of hotels and lodging facilities. They operate over 7,000 properties in 130 countries worldwide.

Starwood, on the other hand, was an American hotel and leisure company until Marriott acquired it in 2016. This acquisition made Marriott responsible for data security and related hotel operations.

The announcement from the FTC shines a light on three cases where Marriott dropped the ball when it came to protecting its customers’ information.

First, there was a data breach in June 2014 in which many Starwood customers’ payment card information was exposed. It took 14 months for this breach to be discovered and publicly disclosed, which left affected clients exposed to elevated risks for over a year.

Then, there was a second incident where hackers accessed 339 million Starwood guest account records, including 5.25 million unencrypted passport numbers. This breach occurred in July 2014 but wasn’t detected until September 2018, again leaving customers exposed for multiple years.

Lastly, a third breach impacted Marriott itself. In September 2018, malicious actors accessed the records of 5.2 million guests. The exposed data included names, email addresses, postal addresses, phone numbers, dates of birth, and loyalty account information. Marriott didn’t discover this compromise and inform its clients until February 2020.

What’s the deal with the settlement?

The FTC is accusing Marriott and Starwood of misleading consumers about their data security practices. Some of the outlined failures include poor password controls, outdated software, and a lack of appropriate monitoring in their IT environment.

As part of the settlement agreement, Marriott and Starwood will now have to:

1. Establish a comprehensive information security program, complete with third-party assessments every two years and annual compliance certification for 20 years.
2. Limit data retention to only what’s necessary and inform customers of the reason for collecting and keeping their data.
3. Allow customers to request reviews of unauthorized activity in their loyalty accounts and restore stolen points.
4. Provide a way for customers to request deletion of personal information linked to their email or loyalty account.
5. Prohibit misrepresenting how personal data is handled and ensure transparency in security practices.

Marriott has also reached a separate settlement with 49 states and the District of Columbia, agreeing to pay $52,000,000 to resolve allegations and claims related to the above security incidents.

What can you do to protect yourself?

Data breaches like these are a harsh reminder that we need to be vigilant about our online security. Make sure to use strong, unique passwords for each of your accounts and keep an eye on your financial and loyalty accounts for any suspicious activity. Consider using a password manager to help you keep track of your passwords securely.

And remember, we’re always here to help. If you have any questions about cybersecurity or want to learn more about protecting your personal information, don’t hesitate to reach out to us. We’re committed to helping you stay informed and secure in this ever-changing digital landscape.

A Major Breach at Fidelity Investments

Imagine you’re one of the 77,000 customers of Fidelity Investments, a Boston-based multinational financial services company, who just found out that their personal information had been exposed. This was the unfortunate reality for many after Fidelity disclosed that its systems were breached in August.

As one of the largest asset managers globally, with $14.1 trillion in assets under administration and $5.5 trillion under management, Fidelity employs over 75,000 associates across 11 countries in North America, Europe, Asia, and Australia. With such a massive operation, this breach is undoubtedly a significant concern for both the company and its customers.

The Details of the Breach

In a filing with the Office of Maine’s Attorney General, Fidelity revealed that an unknown attacker stole data between August 17 and 19 using “two customer accounts that they had recently established.” The company detected the activity on August 19 and immediately took steps to terminate the access, launching an investigation with assistance from external security experts.

In data breach notifications sent to affected individuals, Fidelity said, “The information obtained by the third party related to a small subset of our customers. Please note that this incident did not involve any access to your Fidelity account(s).” However, the company has yet to reveal what personal information was stolen in the data breach besides names and other personal identifiers.

When we asked how the attacker could access the data of thousands of customers using two accounts they previously created, Fidelity’s head of external corporate comms, Michael Aalto, said they couldn’t share that information. However, he added that “they did not view accounts. They viewed customer information.”

What’s Being Done to Protect Customers?

Even though Fidelity says there is no evidence that the stolen customer data has been misused, the company is providing affected customers with two years of free TransUnion credit monitoring and identity restoration services.

Fidelity also advised customers to “remain vigilant for fraudulent activity or identity theft by regularly reviewing your statements for your financial and other accounts, monitoring your credit reports, and promptly reporting any suspicious activity to your financial institution (if applicable), local law enforcement, or your appropriate state authority.”

A Call to Take Cybersecurity Seriously

This incident serves as a powerful reminder of the importance of cybersecurity for both individuals and companies. As technology continues to evolve, so do the threats we face. It’s crucial to stay informed about potential risks and take the necessary steps to protect ourselves and our sensitive information.

That’s why we’re here to help. Our IT Services team is dedicated to providing you with the latest cybersecurity information and guidance. Don’t hesitate to contact us if you have any questions or concerns, and remember to keep coming back to learn more about how to stay safe in our digital world.