Casio Data Breach Affects Thousands of ClassPad Customers

Leading Japanese electronics manufacturer, Casio Computer disclosed a data breach incident affecting its customers from 149 countries and regions. The incident compromised personal information of some ClassPad customers.

ClassPad.net is an education platform of the company, and an attacker is said to have leveraged a security-related vulnerability in a database of its development environment. Thus, successfully managing to steal stored customer information, including names, email addresses, country/region of residence, service usage details, and purchasing information such as payment method, license code, order details, etc.

The incident was first detected by Casio on October 11 when an employee discovered a database failure while attempting to work in the development environment. On further investigation, Casio found that personal information of some users was accessed on October 12.

The leaked information is said to contain 91,921 items belonging to customers in Japan (including individuals and 1,108 educational institution customers), and 35,049 items belonging to users from 148 countries and regions.

“At this time, it has been confirmed that some of the network security settings in the development environment were disabled due to an operational error of the system by the department in charge and insufficient operational management,” the notice said.

‘’Casio believes these were the causes of the situation that allowed an external party to gain unauthorized access,’’ continued Casio.

It also confirmed that no banking or credit card information was accessed, and the ClassPad app remained operational as the hacker had not infiltrated the system beyond the compromised database.

In order to mitigate the breach-related risks, the company stated that it would continue to strengthen technical safety measures. To prevent future similar incidents, it would provide security training to employees and deploy needed security measures.

Additionally, Casio will be working with external security specialist companies and external law firms to analyze and implement countermeasures to limit the breach’s impact. The incident was also reported to Japan’s Personal Information Protection Commission.