Japanese watchmaker Seiko has confirmed it suffered a Black Cat ransomware assault earlier this yr, warning that the incident has led to a knowledge breach, exposing delicate buyer, associate, and personnel data.
Seiko says its investigation confirmed {that a} complete of 60,000 ‘objects of non-public information’ held by its ‘Group’ (SGC), ‘Watch’ (SWC), and ‘Devices’ (SII) departments have been compromised by the attackers.
On August 10, 2023, the corporate warned that somebody had gained unauthorized entry to at the least one in every of its servers on July 28, 2023.
On August 21, 2023, the BlackCat/ALPHV ransomware gang added Seiko to its extortion web site, claiming to have stolen manufacturing plans, worker passport scans, new mannequin launch plans, specialised lab check outcomes, and confidential technical schematics of existent and upcoming Seiko watches.
Additional data that emerged on the time advised that BlackCat purchased entry to Seiko’s community from an preliminary entry dealer (IAB) a day earlier than the identification of the intrusion.
Seiko launched a follow-up assertion on August 22, acknowledging that sure data regarding their enterprise companions and workers has been leaked, and dedicated to offering a extra correct evaluation of the scenario as soon as their investigations conclude.
Knowledge theft confirmed
Seiko investigated the breach and recognized all objects leaked by the ransomware gang.
The corporate states that the next data was leaked:
- SWC (Seiko Watch Company) buyer data, together with names, addresses, phone numbers, and/or e-mail addresses.
- Contact data for counterparties concerned in enterprise transactions with SGC, SWC, and/or SII, together with the person’s title, firm affiliation, job title, firm tackle, firm telephone quantity, and/or firm e-mail tackle.
- Info provided by candidates for employment with SGC and/or SWC, together with names, addresses, telephone numbers, e-mail addresses, and/or instructional background data.
- Personnel data, together with names and/or e-mail addresses, for each present and former workers of SGC and its group corporations.
The newest announcement clarifies that the cybercriminals didn’t entry the bank card data of Seiko Watch prospects.
Seiko says it can proceed to coordinate with cybersecurity specialists to bolster all IT programs and operations within the agency’s community, assess the causes of the breach, and carry out focused safety enhancements that may stop comparable incidents from occurring sooner or later.
Additionally, every of the impacted prospects, members of personnel, and enterprise companions will probably be notified concerning the safety breach individually.
