Seiko Group, the Japanese company known best for its timekeeping business, has published a fresh update on its July ransomware attack, revealing that the group behind it stole 60,000 items of personal data.

At this stage of the company's investigations, Seiko Watch Corporation (SWC) appears to be the worst affected by the ransomware attack.

Stolen SWC customer personal information includes names, addresses, phone numbers and/or email addresses, although no credit card details.

Details of job applicants and staff of SWC, both current and former employees, are believed to be involved as well, and some contact information for counterparties in business transactions is also affected.

Seiko Group was also impacted by the theft of counterparty data, and its employees and job applicants may also have had their data stolen too.

Seiko Instruments was the final company impacted by the ransomware attack, with its counterparty data and employee details among those stolen.

When the attack was first disclosed on August 10, and then claimed by ransomware outfit BlackCat later that month, not much was known about the full extent of the intrusion.

At the time, BlackCat leaked what it claimed to be internal documents, some of which appeared to be blueprints for watch designs that were leaked following the launch of two new models in the Grand Seiko Caliber 9S series.

"To help Seiko Group with evaluation of missing data we are starting posting blueprints of past and future models," BlackCat said.

However, the latest communication from Seiko today has only revealed the personal data it believed to have been affected, though it did say it's continuing to identify the scope of the breach.

Notably, it didn't say passport details were among the data stolen by BlackCat, despite the ransomware group leaking what it claimed to be scans of the identity documents belonging to employees.

"Given the size of Seiko, some may say the company got off lightly, with BlackCat only managing to compromise 60,000 items of data. But, in reality, the impacts of this breach go far further," Mike Newman, CEO at My1Login, told The Register.

"With criminals now holding sensitive data belonging to customers, employees, and job applicants, they can target these victims with realistic phishing scams to try to ensnare them further, which means other organizations may get caught up in the aftermath of this incident.

"Seiko has not revealed how attackers initially compromised its servers, but with BlackCat being the suspected culprits, phishing will undoubtedly have played a part."

In addition to ongoing investigations, Seiko said it is also reviewing its IT vulnerabilities and business continuity plan, strengthening its security systems, and implementing other measures to prevent any recurrences.

"We sincerely apologize for any inconvenience this attack on our data servers may have caused or may yet cause. We have begun reaching out to each of the affected parties individually, and if any further leaks are discovered, we will, to the best of our ability, continue to respond to each affected party on an individual basis," Seiko Group said.

It doesn't appear that Seiko paid a ransom to BlackCat - the company said that it performed a "clean system restoration" after working with incident response specialists to limit the damage of the ransomware attack.

Multiple posts to the ransomware gang's leak site indicated that the company never contacted them, not even to ask for their demands. ®

https://www.theregister.com//2023/10/25/seiko_august_breach_update/