Casio keyed up after data loss hits customers in 149 countries

Japanese electronics giant Casio said miscreants broke into its ClassPad server and stole a database with personal information belonging to customers in 149 countries.

ClassPad is Casio's education web app, and in a Wednesday statement on its website, the firm said an intruder breached a ClassPad server and swiped hundreds of thousands of "items" belonging to individuals and organizations around the globe. 

As of October 18, the crooks accessed 91,921 items belonging to Japanese customers, including individuals and 1,108 educational institution customers, as well as 35,049 items belonging to customers from 148 other countries. If Casio finds additional customers were compromised, it promises to update this count.

The data included customers' names, email addresses, country of residence, purchasing info including order details, payment method and license code, and service usage info including log data and nicknames. Casio noted that it doesn't not retain customers' credit card information, so presumably people's banking info wasn't compromised in the hack.

The electronics giant didn't immediately respond to The Register's questions about the intrusion. 

An employee discovered the incident on October 11 while attempting to work in the corporate dev environment and spotted the database failure.

"At this time, it has been confirmed that some of the network security settings in the development environment were disabled due to an operational error of the system by the department in charge and insufficient operational management," the official notice said. 

"Casio believes these were the causes of the situation that allowed an external party to gain unauthorized access."

The intruder didn't access the ClassPad.net app, according to Casio, so that is still available for use.

• Cybercrim claims fresh 23andMe batch takes leaked records to 5 million
• Critical Citrix bug exploited by data thieves weeks before being patched
• D-Link clears up 'exaggerations' around data breach
• We're not in e-Kansas anymore: State courts reel from 'unauthorized incursion'

In response to the problem, Casio has blocked outside access to all databases in the development environment that were targeted by the attackers. The Japanese giant also said it's working with a third-party security firm on the breach investigation and response.

Casio has reported the incident to law enforcement, as well as Japan's Personal Information Protection Commission and JUAS, the PrivacyMark certification organization.

All customers whose personal information may have been accessed will be contacted, it promised, and Casio will also respond to inquiries via this contact form. ®

Casio's breach follows several other high-profile data heists disclosed this week, including a second batch of stolen data from 23andMe being leaked on a cybercrime data. It appears to be the same criminal who broke into the biotech company and leaked profile data two weeks ago. ®