News
Japanese electronics manufacturer Casio announces major data breach impacting customers in 149 countries
October 2023 by AJ Thompson, CCO at Northdoor plc
Casio, the Japanese electronics manufacturing giant has announced a data breach that has impacted customers across 149 countries. As of the 18th October, cybercriminals accessed 91,921 items belonging to Japanese customers and 35,049 records of customers across 148 other countries.
The data included customers’ names and addresses, country of residence, purchasing information, including order details, payment methods and license codes and service usage. The data was held in Casio’s ClassPad, an education web app. An employee discovered the hack when attempting to work in the corporate development environment and spotted the database failure.
The fact that the cybercriminal appears to have gained access through the development environment is one that should make many companies sit up and take notice. Too often it is in such environments that vulnerabilities appear, as AJ Thompson, CCO at Northdoor plc, explains.
“Cybercriminals gaining access to data via frontline attacks such as phishing attempts and increasingly via supply chain and third parties, are often headline news and represent the most common ways of hacking systems. However, companies are starting to get better at protecting themselves from such attacks, boosting their security measures and gaining a better understanding of where vulnerabilities lie.
“However, there are some areas within businesses that tend to get overlooked in these security measures and development environments are one. As they are not necessarily customer-facing and are seen as an internal department, too many businesses do not think it necessary to arm these environments with the correct level of cyber defences.
“Not only do development environments allow cybercriminals access to further internal systems but also has the potential to cause huge vulnerabilities in the apps being developed and managed. We have seen in the past cybercriminals look to gain access and by infecting the tools that developers use, they are able to compromise apps that are then sent out for the frontline/public use.
“This means that the cybercriminal has the potential to reach thousands, potentially millions, of victims and their data with just one successful hack. Businesses therefore have to ensure that any vulnerability within their development environment is quickly closed down.
“With organisations steadily shutting down more obvious vulnerabilities and educating employees about what the latest threats look like, cybercriminals will always find the next path of least resistance. If by targeting the more forgotten aspects of an organisation’s infrastructure they can get to data or the opportunity to infect an app in development, they certainly will.
“Both businesses and those individuals working within development environments have to be more security aware. Every corner of a business is now a potential entry point for cybercriminals and those sections where there has been little attention paid to security defences have to now come higher up the priority list.
“For organisations struggling to identify potential areas of weakness working with IT consultancies can be greatly beneficial. They can help internal IT teams better understand their environments, identify all possible vulnerabilities and implement the most effective solutions to keep cybercriminals out,” Thompson concluded.
