Casio Data Breach Affects Thousands of ClassPad Customers
- Written by Shipra Sanganeria Cybersecurity & Tech Writer
Leading Japanese electronics manufacturer Casio Computer disclosed a data breach affecting customers in 149 countries and regions. The incident compromised the personal information of some ClassPad customers.
ClassPad.net is the company's education platform, and an attacker is said to have leveraged a security-related vulnerability in a database in its development environment, successfully stealing stored customer information, including names, email addresses, country/region of residence, service usage details, and purchasing information such as payment method, license code, and order details.
The incident was first detected by Casio on October 11 when an employee discovered a database failure while attempting to work in the development environment. On further investigation, Casio found that personal information of some users was accessed on October 12.
The leaked information is said to contain 91,921 items belonging to customers in Japan (including individuals and 1,108 educational institution customers), and 35,049 items belonging to users from 148 countries and regions.
“At this time, it has been confirmed that some of the network security settings in the development environment were disabled due to an operational error of the system by the department in charge and insufficient operational management,” the notice said.
“Casio believes these were the causes of the situation that allowed an external party to gain unauthorized access,” continued Casio.
It also confirmed that no banking or credit card information was accessed, and the ClassPad app remained operational as the hacker had not infiltrated the system beyond the compromised database.
To mitigate the breach-related risks, the company stated that it would continue to strengthen technical safety measures. To prevent similar incidents in the future, it would provide security training to employees and deploy needed security measures.
Additionally, Casio will be working with external security specialist companies and external law firms to analyze and implement countermeasures to limit the breach’s impact. The incident was also reported to Japan’s Personal Information Protection Commission.
Millions of 23andMe Users Genetic Data Profile Leaked on Cybercrime Forum
- Written by Shipra Sanganeria Cybersecurity & Tech Writer
Earlier this month, US biotechnology and genetic testing company 23andMe released a statement confirming the sale of its users’ data on a hacking forum.
Since then, the company has seen millions of its users’ data being leaked on BreachForums by a hacker going by the name of Golem. First, on October 2, the hacker released samples of data allegedly stolen from the company, followed by a posting advertising the sale of bulk data. The 1 million lines of data were said to belong to Ashkenazi Jews from around the world.
Later this week, the same threat actor released another set of data (4+ million), claiming it belongs to the wealthiest people in the US and Western Europe. According to their claims, the data includes sensitive information about the British Royal family, the Rothschilds, Rockefellers, and more.
Upon learning about the incident, the genetic testing firm launched an investigation with third-party forensic experts and believes that the breach was the result of a credential stuffing attack. It confirmed, however, that there was no evidence suggesting that its internal network was compromised.
“While we are continuing to investigate this matter, we believe threat actors were able to access certain accounts in instances where users recycled login credentials – that is, usernames and passwords that were used on 23andMe.com were the same as those used on other websites that have been previously hacked,” the statement read.
As a result, it is also advising users to activate multi-factor authentication and reset their passwords, rather than using recycled ones.
23andMe believes that only a small number of user accounts were breached; however, the activation of the DNA Relatives feature by a few users means that millions of its customers will be affected. The organization is already feeling the effects as it tries to make its way through the myriad lawsuits filed against it.