Security

Cyber-crime

Casio keyed up after data loss hits customers in 149 countries

Crooks broke into the ClassPad server and swiped online learning database


Japanese electronics giant Casio said miscreants broke into its ClassPad server and stole a database with personal information belonging to customers in 149 countries.

ClassPad is Casio's education web app, and in a Wednesday statement on its website, the firm said an intruder breached a ClassPad server and swiped hundreds of thousands of "items" belonging to individuals and organizations around the globe. 

As of October 18, the crooks accessed 91,921 items belonging to Japanese customers, including individuals and 1,108 educational institution customers, as well as 35,049 items belonging to customers from 148 other countries. If Casio finds additional customers were compromised, it promises to update this count.

The data included customers' names, email addresses, country of residence, purchasing info including order details, payment method and license code, and service usage info including log data and nicknames. Casio noted that it doesn't not retain customers' credit card information, so presumably people's banking info wasn't compromised in the hack.

The electronics giant didn't immediately respond to The Register's questions about the intrusion. 

An employee discovered the incident on October 11 while attempting to work in the corporate dev environment and spotted the database failure.

"At this time, it has been confirmed that some of the network security settings in the development environment were disabled due to an operational error of the system by the department in charge and insufficient operational management," the official notice said

"Casio believes these were the causes of the situation that allowed an external party to gain unauthorized access."

The intruder didn't access the ClassPad.net app, according to Casio, so that is still available for use.

In response to the problem, Casio has blocked outside access to all databases in the development environment that were targeted by the attackers. The Japanese giant also said it's working with a third-party security firm on the breach investigation and response.

Casio has reported the incident to law enforcement, as well as Japan's Personal Information Protection Commission and JUAS, the PrivacyMark certification organization.

All customers whose personal information may have been accessed will be contacted, it promised, and Casio will also respond to inquiries via this contact form. ®

Casio's breach follows several other high-profile data heists disclosed this week, including a second batch of stolen data from 23andMe being leaked on a cybercrime data. It appears to be the same criminal who broke into the biotech company and leaked profile data two weeks ago. ®

Send us news
12 Comments

Mitel 0-day, 5-year-old Oracle RCE bug under active exploit

3 CVEs added to CISA's catalog

Ransomware crew abuses AWS native encryption, sets data-destruct timer for 7 days

'Codefinger' crims on the hunt for compromised keys

Chinese cyber-spies reportedly targeted sanctions intel in US Treasury raid

OFAC, Office of the Treasury Secretary feared hit in data-snarfing swoop

Chinese cyber-spies peek over shoulder of officials probing real-estate deals near American military bases

Gee, wonder why Beijing is so keen on the – checks notes – Committee on Foreign Investment in the US

Miscreants 'mass exploited' Fortinet firewalls, 'highly probable' zero-day used

Ransomware 'not off the table,' Arctic Wolf threat hunter tells El Reg

Crims backdoored the backdoors they supplied to other miscreants. Then the domains lapsed

Here's what $20 gets you these days

Atos denies Space Bears' ransomware claims – with a 'but'

Points finger at third-party infrastructure being breached

More telcos confirm China Salt Typhoon security breaches as White House weighs in

Intrusions allowed Beijing to 'geolocate millions of individuals, record phone calls at will'

FireScam infostealer poses as Telegram Premium app to surveil Android devices

Once installed, it helps itself to your data like it's a free buffet

China's cyber intrusions took a sinister turn in 2024

From targeted espionage to pre-positioning - not that they are mutually exclusive

Microsoft sues 'foreign-based' cyber-crooks, seizes sites used to abuse AI

Scumbags stole API keys, then started a hacking-as-a-service biz, it is claimed

Charter, Consolidated, Windstream reportedly join China's Salt Typhoon victim list

Slow drip of compromised telecom networks continues