Casio keyed up after data loss hits customers in 149 countries

Crooks broke into the ClassPad server and swiped online learning database

Japanese electronics giant Casio said miscreants broke into its ClassPad server and stole a database with personal information belonging to customers in 149 countries.

ClassPad is Casio's education web app, and in a Wednesday statement on its website, the firm said an intruder breached a ClassPad server and swiped hundreds of thousands of "items" belonging to individuals and organizations around the globe. 

As of October 18, the crooks accessed 91,921 items belonging to Japanese customers, including individuals and 1,108 educational institution customers, as well as 35,049 items belonging to customers from 148 other countries. If Casio finds additional customers were compromised, it promises to update this count.

The data included customers' names, email addresses, country of residence, purchasing info including order details, payment method and license code, and service usage info including log data and nicknames. Casio noted that it doesn't retain customers' credit card information, so presumably people's banking info wasn't compromised in the hack.

The electronics giant didn't immediately respond to The Register's questions about the intrusion. 

An employee discovered the incident on October 11 after spotting a database failure while attempting to work in the corporate dev environment.

"At this time, it has been confirmed that some of the network security settings in the development environment were disabled due to an operational error of the system by the department in charge and insufficient operational management," the official notice said.

"Casio believes these were the causes of the situation that allowed an external party to gain unauthorized access."

The intruder didn't access the app, according to Casio, so that is still available for use.

In response to the problem, Casio has blocked outside access to all databases in the development environment that were targeted by the attackers. The Japanese giant also said it's working with a third-party security firm on the breach investigation and response.

Casio has reported the incident to law enforcement, as well as Japan's Personal Information Protection Commission and JUAS, the PrivacyMark certification organization.

All customers whose personal information may have been accessed will be contacted, it promised, and Casio will also respond to inquiries via this contact form.

Casio's breach follows several other high-profile data heists disclosed this week, including a second batch of stolen data from 23andMe being leaked on a cybercrime forum. It appears to be the same criminal who broke into the biotech company and leaked profile data two weeks ago. ®
