The breach was discovered on October 11, 2023, affecting 91,921 users in Japan and 35,049 customers from 148 countries and regions.
Casio has disclosed a data breach that impacted customers of its ClassPad education platform in 148 countries. The breach was discovered on October 11, 2023, while the person in charge was attempting to work within the development environment, a database failure was discovered, prompting the company to assess the situation.
Upon further analysis, it was also determined that on the evening of Thursday, October 12, unauthorized access had occurred, leading to the exposure of personal information of residents from countries outside Japan.
The exposed data includes customer names, email addresses, countries of residence, service usage details, and purchase information such as payment methods, license codes, and order specifics.
Casio stated that the hackers did not infiltrate systems beyond the compromised database within the development environment and that the ClassPad.net app remains operational.
“Customers in Japan: 91,921 items belonging to customers, including individuals and 1,108 educational institution customers – Customers outside Japan: 35,049 items belonging to customers from 148 countries and regions.”
CASIO
Human Error!
In a data breach notification, Casio confirmed that the situation arose because certain network security settings within the development environment were unintentionally disabled due to an operational error within the responsible department, coupled with inadequate operational oversight. These factors are believed to have allowed an external party to gain unauthorized access.
The company is working with law enforcement authorities and has reported the incident to Japan’s Personal Information Protection Commission. Casio has also taken steps to secure the ClassPad platform and prevent future data breaches.
Roger Grimes, a Data-Driven Defense Evangelist at KnowBe4, commented on the breach, highlighting that it was indeed caused by human error. Grimes underscored the importance of employee cybersecurity training as a cornerstone for both small businesses and large corporations.
“This data breach was caused by human error which led to network and database compromise. It’s important that any changes impacting cybersecurity be reviewed prior to implementation and that all security settings be periodically reviewed for accuracy,“ said Grimes. “It shows the importance of change control and configuration control. These can be considered “boring topics” by some, but are must-haves if an organization is expected to stay secure as it can over the long run.“
What to Do If You Are a Casio ClassPad Customer
If you are a Casio ClassPad customer, Casio recommends that you take the following steps to protect yourself:
- Change your ClassPad password immediately.
- Monitor your ClassPad account for any suspicious activity.
- Be wary of phishing emails or other scams that may attempt to exploit the data breach.
What Casio is Doing to Address the Data Breach
Casio has taken a number of steps to address the data breach, including:
- Notifying affected customers of the data breach.
- Working with law enforcement authorities to investigate the breach.
- Securing the ClassPad platform and preventing future data breaches.
- Reporting the incident to Japan’s Personal Information Protection Commission.
The Casio ClassPad data breach is a reminder that even large and well-established companies are vulnerable to cyberattacks. Customers of Casio ClassPad should take steps to protect themselves, such as changing their passwords and monitoring their accounts for suspicious activity.