Article Details
Scrape Timestamp (UTC): 2023-10-25 16:44:31.236
Original Article Text
Click to Toggle View
Seiko says ransomware attack exposed sensitive customer data. Japanese watchmaker Seiko has confirmed it suffered a Black Cat ransomware attack earlier this year, warning that the incident has led to a data breach, exposing sensitive customer, partner, and personnel information. Seiko says its investigation confirmed that a total of 60,000 'items of personal data' held by its 'Group' (SGC), 'Watch' (SWC), and 'Instruments' (SII) departments were compromised by the attackers. On August 10, 2023, the company warned that someone had gained unauthorized access to at least one of its servers on July 28, 2023. On August 21, 2023, the BlackCat/ALPHV ransomware gang added Seiko to its extortion site, claiming to have stolen production plans, employee passport scans, new model release plans, specialized lab test results, and confidential technical schematics of existent and upcoming Seiko watches. Further information that emerged at the time suggested that BlackCat bought access to Seiko's network from an initial access broker (IAB) a day before the identification of the intrusion. Seiko released a follow-up statement on August 22, acknowledging that certain information relating to their business partners and employees has been leaked, and committed to providing a more accurate assessment of the situation once their investigations conclude. Data theft confirmed Seiko investigated the breach and identified all items leaked by the ransomware gang. The company states that the following information was leaked: The latest announcement clarifies that the cybercriminals did not access the credit card information of Seiko Watch customers. Seiko says it will continue to coordinate with cybersecurity specialists to bolster all IT systems and operations in the firm's network, assess the causes of the breach, and perform targeted security enhancements that will prevent similar incidents from occurring in the future. Also, each of the impacted customers, members of personnel, and business partners will be notified about the security breach individually.
Daily Brief Summary
Japanese watchmaker Seiko experienced a Black Cat ransomware attack resulting in a data breach divulging sensitive customer, partner, and employee information.
Investigations revealed a total of 60,000 'items of personal data' from Seiko's Group (SGC), Watch (SWC), and Instruments (SII) departments were breached.
Unauthorized access to at least one of Seiko's servers occurred on 28 July 2023; the company warned of the intrusion on 10 August 2023.
On 21 August 2023, the BlackCat/ALPHV ransomware gang claimed responsibility, boasting theft of production plans, staff passport scans, new model release schedules, lab test results, and sensitive technical schematics.
Information suggests that BlackCat purchased access to Seiko's network from an Initial Access Broker (IAB) a day before the intrusion was identified.
All personal and technical data leaked by the attackers has been identified; however, the cybercriminals did not gain access to credit card details of customers.
Seiko is working with cybersecurity specialists to strengthen its network security and promises to notify affected customers and partners individually.