Seiko disclosed "60k items" of personal data were breached after BlackCat ransomware attack

Various personal details, including customer names and addresses, leaked after a ransomware attack at Seiko

Seiko data breach discloses 60k records of personal user data

In a recent disclosure, Seiko, the renowned Japanese watchmaker, confirmed a significant cyber attack that infiltrated its digital systems. This alarming security breach, orchestrated by the cybercrime group known as BlackCat or AlphV, resulted in the exposure of approximately 60,000 "items of personal data."[1]

The compromised data spans across a broad spectrum, including information from customers, employees, business partners, and job applicants. This revelation emerged after the company collaborated with external cybersecurity specialists to conduct an in-depth review of the incident.

The areas within Seiko's enterprise that suffered the brunt of the attack include:

Seiko Watch Corporation (SWC)

Disturbingly, the SWC emerged as the most heavily impacted division. Information leaked includes customer names, addresses, phone numbers, and email addresses. One silver lining amidst this chaos is that the credit card details of SWC customers remained unaffected. However, details related to current and former employees and job applicants of SWC did not share the same fate and were among the compromised data.

Seiko Group Corporation (SGC) and Seiko Instruments Inc. (SII)

The ripple effects of the ransomware attack reached these business units as well. The exposed data comprises the contact information of counterparties involved in business transactions. This includes individual names, company affiliations, job titles, company addresses, phone numbers, and email addresses. Additionally, details related to SGC's and SII's employees and job seekers were also part of the breached data.

BlackCat behind the attack

Early indications of the attack date back to July 28, 2023, when unauthorized access to Seiko's servers was identified. By August 10,[2] the situation had escalated enough for the company to issue a warning. The BlackCat/ALPHV ransomware gang didn’t waste time capitalizing on their exploit, taking credit for the attack shortly after and adding Seiko to its extortion list.[3] They even went on to claim the theft of sensitive documents such as production plans, employee passport scans, and technical blueprints of existing and upcoming Seiko watch models.

A pivotal detail that surfaced amidst the turmoil is the suspected involvement of an Initial Access Broker (IAB). It's believed that BlackCat purchased access to Seiko’s network from this IAB just a day prior to the breach's discovery.

In response to the attack and the subsequent public attention, Seiko has been proactive in its communications and mitigation efforts. The company announced its commitment to individually notify all affected parties and embarked on a mission to bolster its IT systems, seeking the expertise of cybersecurity specialists to enhance its digital infrastructure. This initiative aims to unearth the root causes of the breach, allowing for targeted security improvements and, ultimately, safeguarding against future attacks.

Internal documents leaked, cybercriminals claim

Another layer to this complex saga is the BlackCat group's tactic of leaking what they claimed to be Seiko's internal documents, including blueprints of new watch designs. However, Seiko’s latest communication has predominantly focused on the personal data believed to have been affected. Notably, Seiko did not confirm BlackCat's claim about the leakage of passport scans of employees.

Mike Newman, CEO at My1Login, commented on the situation, emphasizing the potential downstream effects of such breaches:[4]

Given the size of Seiko, some may say the company got off lightly, with BlackCat only managing to compromise 60,000 items of data. But, in reality, the impacts of this breach go far further.

With cybercriminals possessing sensitive data, they can craft highly realistic phishing scams targeting the victims of the breach, potentially ensnaring other organizations in the process.

About the author
Ugnius Kiguolis

Ugnius Kiguolis is a professional malware analyst who is also the founder and the owner of 2-Spyware. At the moment, he takes over as Editor-in-chief.
