Cyber Incident Victim: Casio

On October 5, 2024, Japanese technology manufacturer Casio experienced a cyberattack that caused a system failure, rendering certain customer services unavailable. The company publicly disclosed the incident on the same day, confirming unauthorized network intrusion but did not specify which customer-facing systems were disrupted. Upon detecting the breach, Casio immediately implemented containment measures including external access restrictions and notified relevant authorities. The company engaged external cybersecurity specialists to investigate both the attack's technical details and whether personal or critical data was exfiltrated. This incident occurred almost exactly one year after Casio's 2023 breach of its ClassPad.net education platform, which compromised information from users across 148 countries.

The investigation revealed that attackers accessed customer information including names, email addresses, countries of residence, order histories, service usage records, and payment method details, though credit card data remained secure. Casio reported 91,921 compromised "items" belonging to Japanese customers and 35,049 items from international customers, without defining the term "item" operationally. This follows the 2023 incident where hackers leaked over 120,000 data pieces from 1,108 educational institutions and an undisclosed number of individual users. While the company confirmed implementing enhanced security protocols after both breaches, it declined to specify whether the 2024 attack involved ransomware demands or attacker identification. Casio's financial disclosures noted $440 million in recent quarterly sales amid a decade-long revenue decline, though the direct business impact of the cyberattacks remains unquantified. The forensic review and regulatory reporting processes remain ongoing as of the latest public statement.