Seiko has confirmed that approximately 60,000 personal data records associated with Seiko Group Corporation (SGC), Seiko Watch Corporation (SWC), and Seiko Instruments Inc. (SII) were compromised in a recent cyberattack. The company stated that the attack occurred in late July, with hackers gaining access to at least one server. Seiko initially reported that some information may have been compromised, and later, the ransomware group known as BlackCat and ALPHV claimed responsibility for the attack.
BlackCat and ALPHV, after Seiko refused to respond to their extortion attempts, leaked files taken from the company. The cybercrime group claimed to have stolen over 2Tb worth of files, including employee information, production technology details, video and audio recordings of management meetings, emails, and copies of passports belonging to employees and foreign visitors. In mid-September, they made all the information public on their Tor-based leak website.
Seiko’s latest announcement confirms that compromised data includes SWC customer information, such as names, addresses, phone numbers, and email addresses. However, the company assures that payment card information was not stolen. Additionally, the attackers gained access to SGC, SWC, and SII business partner information, including names, job titles, company affiliations, and contact details. The personal data of current and former employees, as well as job applicants, was also compromised.
In response to the incident, Seiko has taken measures to enhance cybersecurity. They temporarily blocked external communication with the affected servers, installed Endpoint Detection and Response (EDR) systems on all servers and PCs to detect unauthorized activity, and implemented multi-factor authentication to prevent further breaches.
It is worth noting that the cybersecurity measures implemented by Seiko in response to the incident are considered basic and should ideally be implemented proactively by all organizations, rather than in response to a significant data breach.