Japanese watchmaker Seiko has confirmed it suffered a Black Cat ransomware assault earlier this yr, warning that the incident has led to a data breach, exposing delicate buyer, associate, and personnel info.
Seiko says its investigation confirmed {that a} whole of 60,000 ‘gadgets of non-public knowledge’ held by its ‘Group’ (SGC), ‘Watch’ (SWC), and ‘Devices’ (SII) departments had been compromised by the attackers.
On August 10, 2023, the corporate warned that somebody had gained unauthorized entry to not less than certainly one of its servers on July 28, 2023.
On August 21, 2023, the BlackCat/ALPHV ransomware gang added Seiko to its extortion web site, claiming to have stolen manufacturing plans, worker passport scans, new mannequin launch plans, specialised lab take a look at outcomes, and confidential technical schematics of existent and upcoming Seiko watches.
Additional info that emerged on the time instructed that BlackCat purchased entry to Seiko’s community from an preliminary entry dealer (IAB) a day earlier than the identification of the intrusion.
Seiko launched a follow-up assertion on August 22, acknowledging that sure info referring to their enterprise companions and workers has been leaked, and dedicated to offering a extra correct evaluation of the scenario as soon as their investigations conclude.
Data theft confirmed
Seiko investigated the breach and recognized all gadgets leaked by the ransomware gang.
The corporate states that the next info was leaked:
- SWC (Seiko Watch Company) buyer info, together with names, addresses, phone numbers, and/or electronic mail addresses.
- Contact info for counterparties concerned in enterprise transactions with SGC, SWC, and/or SII, together with the person’s identify, firm affiliation, job title, firm tackle, firm cellphone quantity, and/or firm electronic mail tackle.
- Data provided by candidates for employment with SGC and/or SWC, together with names, addresses, cellphone numbers, electronic mail addresses, and/or academic background info.
- Personnel info, together with names and/or electronic mail addresses, for each present and former workers of SGC and its group corporations.
The newest announcement clarifies that the cybercriminals didn’t entry the bank card info of Seiko Watch prospects.
Seiko says it would proceed to coordinate with cybersecurity specialists to bolster all IT techniques and operations within the agency’s community, assess the causes of the breach, and carry out focused security enhancements that can stop comparable incidents from occurring sooner or later.
Additionally, every of the impacted prospects, members of personnel, and enterprise companions can be notified concerning the security breach individually.
