Japanese tech giant, Casio Computer Co., Ltd. is dealing with a security breach that has compromised its educational web application, “ClassPad.net,” impacting registered customers in Japan and worldwide. The Casio data breach has raised serious concerns, prompting Casio to extend an official apology to those affected.
According to the official statement, this cyberattack on Casio resulted in the unauthorized access and exposure of personal information stored within the affected database. Casio has emphasized that no other company assets were compromised during this incident.
“On the evening of Wednesday, October 11, when the person in charge attempted to work in the development environment, it was discovered that a database failure had occurred, and the company assessed the situation,” reads Casio’s official apology.
The compromised data encompasses customer names, email addresses, countries or regions of residence, purchase history details (order information, payment methods, license codes), and service usage data. It’s essential to note that credit card information is not stored in the compromised database.
Investigation of the Casio data breach further confirmed that the personal information belonging to non-Japanese residents was accessed without authorization on October 12.
Casio is actively reaching out to all affected customers through various means, including email. A dedicated contact point has been established on Casio’s website to address customer inquiries and provide support.
The Impact of Casio Data Breach
The breach has affected 91,921 customers in Japan, including individuals and 1,108 educational institutions. Furthermore, the breach extends to 35,049 customers from 148 countries and regions outside of Japan.
Despite the Casio security breach, “ClassPad.net” remains fully operational, and users can continue to access the application without any concerns about unauthorized access.
Casio Data Breach: Root Cause
Casio attributes the Casio security breach to a combination of factors. It was determined that network security settings within the development environment were inadvertently disabled due to operational errors in the system’s management. This, coupled with insufficient operational oversight, allowed the external intrusion to occur.
In response to the Casio data breach, Casio has taken prompt measures to safeguard the affected databases within the development environment.
The company has also reported the incident to Japan’s Personal Information Protection Commission and the “PrivacyMark” certification organization, JUAS.
Additionally, Casio has engaged external cybersecurity experts and legal counsel to conduct comprehensive internal investigations and consider potential legal actions. Collaboration with law enforcement agencies is ongoing to support their investigation.
“Casio reported the incident to Japan’s Personal Information Protection Commission and to JUAS (the “PrivacyMark” certification organization) on Monday, October 16. Casio will continue to consult with and engage an external security specialist organization to conduct further internal investigations, analyze the root causes, and devise appropriate countermeasures in response to this incident,” reads an official apology.
Casio Data Breach: What’s the Next Step
Casio expresses deep regret for the inconvenience and concern this Casio data breach has caused its customers and all affected parties.
“Casio will strengthen technical safety management by implementing security enhancement measures for network routes and databases. In terms of operational management, Casio will implement thorough safety management measures, including reviewing security operational rules and continuing employee training on security measures. Once again, Casio deeply apologizes for the great inconvenience and concern this incident causes our customers and everyone involved,” highlights the Official Apology.
The company is resolved to rectify the situation and strengthen security measures to mitigate future risks.
Media Disclaimer: This report is based on internal and external research obtained through various means. The information provided is for reference purposes only, and users bear full responsibility for their reliance on it. The Cyber Express assumes no liability for the accuracy or consequences of using this information.