Casio’s Shocking Revelation: Massive Data Breach Exposes Customers in 149 Countries
Casio Discloses Data Breach Impacting Customers from 149 Countries
Japanese electronics manufacturer Casio has recently revealed a data breach that has affected customers in 149 countries. The breach occurred when hackers gained access to the servers of Casio’s ClassPad education platform.
Casio became aware of the breach on Wednesday, October 11, after encountering issues with a ClassPad database in their development environment. It is believed that the attacker was able to access customers’ personal information on October 12.
The compromised data includes customer names, email addresses, countries of residence, service usage details, and purchase information such as payment methods, license codes, and order specifics. Fortunately, credit card information was not stored within the breached database.
As of October 18, the attackers have accessed a total of 91,921 items belonging to Japanese customers (including individuals and 1,108 educational institution customers), as well as 35,049 records belonging to customers from 148 countries and regions outside of Japan.
“At this time, it has been confirmed that some of the network security settings in the development environment were disabled due to an operational error of the system by the department in charge and insufficient operational management,” the company stated.
“Casio believes these were the causes of the situation that allowed an external party to gain unauthorized access.”
ClassPad Still Operational, Previous Breach Claims
Although the compromised database is currently inaccessible to external entities, the ClassPad.net app remains operational. Casio has clarified that the hackers did not breach systems beyond the compromised database within the development environment.
Upon discovery of the breach, Casio promptly reported the incident to Japan’s Personal Information Protection Commission and is now collaborating with law enforcement authorities to aid in the investigation of the breach.
In addition, Casio is working alongside external cybersecurity and forensics experts to conduct an internal investigation. The goal is to identify the underlying causes of the breach and develop effective countermeasures.
In early August, a threat actor known as thrax claimed to have leaked over 1.2 million user records on the BreachForums cybercrime forum. These records were allegedly stolen from an older casio.com database on a Remote Desktop Services (RDS) server.
The allegedly stolen information includes entries up to July 2011, AWS keys, and database credentials.
“This DB is kinda old as hell, but believe it or not, this was dumped from a live RDS server today. If anyone wants the AWS keys (with some pretty juicy permissions, S3 bucket access, etc.) and database credentials, etc., DM me,” the threat actor stated.
“A user who I gave the AWS keys to has managed to find another database. After looking into this database, the newest date I could reference was January 2006, another old database.”
When contacted by BleepingComputer for additional details regarding the October incident and to verify thrax’s claims, a Casio spokesperson was unavailable for comment.