Casio, the Japanese electronics giant, confirmed that a ransomware attack earlier this month resulted in the exposure of over 200 GB of sensitive data. The breach, which occurred on October 5, was linked to the Underground ransomware group, a relatively new player in the cybercrime world. This group, according to BleepingComputer, claimed responsibility for the attack, stating that they had “stolen legal documents, employee payroll information, patents, and company financial data.”

Initially, Casio described the incident as a “system failure,” but in the following days, it acknowledged the gravity of the situation. The stolen data includes personal information of employees, contractors, and even job applicants. According to the updated statement by Casio, “information related to contracts, invoices, and internal legal documents” had also been compromised. The company reassured customers that credit card information was not affected, and that services like Casio ID and ClassPad were not impacted by the attack.

The hackers, however, have already begun leaking some of the stolen information. As The Record highlighted, the Underground group has posted samples of the data on their dark web site to prove the legitimacy of their claims.

Casio has urged those affected to be on high alert for phishing attempts, warning that their personal information could be used to send them unsolicited emails.

The Underground group, linked to the Russian RomCom cybercrime outfit, has been active since mid-2023. It has previously targeted companies using vulnerabilities in Microsoft Office.

In response to the attack, Casio has shut down the affected servers and engaged cybersecurity experts to assess the damage. While the company is still investigating the full scope of the breach, it has already reported the incident to law enforcement and the Japanese Personal Information Protection Commission.