Japanese watchmaker Seiko has suffered a data breach by the BlackCat/AlphaV ransomware gang. On August 10, 2023, Seiko confirmed it was the victim of a cyber attack that resulted in data exfiltration by unknown cyber actors.
The watchmaker retained external cybersecurity experts to investigate the data leak and found that the threat actors stole certain information. Meanwhile, the BlackCat ransomware gang has claimed responsibility for the attack.
With a consolidated workforce of 11,643 employees as of March 2023, Seiko is a leading watchmaker with over $1.6 billion in annual revenue.
Seiko warns customers of potential attacks after a data breach
The Japanese watchmaker confirmed that unknown threat actors compromised its systems as early as July 28.
“Seiko Group Corporation has confirmed that on July 28th of this year, the Company suffered a possible data breach. It appears that some as-yet-unidentified party or parties gained unauthorized access to at least one of our servers,” said Seiko. “As a result, we are now reasonably certain that there was a breach and that some information stored by our Company and/or our Group companies may have been compromised.”
The breach resulted in the exfiltration of certain information the company and its affiliates stored on the compromised servers. The watchmaker is still verifying the nature of the information and will give a more conclusive report.
Meanwhile, Seiko advised its customers and business partners to confirm any communication purporting to originate from the company by calling to avoid falling victim to phishing attacks.
Meanwhile, the company has reported the data breach to the Personal Information Protection Commission and was working with law enforcement authorities to investigate the incident.
BlackCat ransomware gang claims responsibility for Seiko’s data breach
The BlackCat ransomware group is claiming responsibility for the Seiko data breach. Mocking the company’s poor cybersecurity practices, the Russian cyber threat group listed Seiko on its data leak site on August 21, 2023.
The ransomware gang also leaked some of the stolen data, seemingly containing technical information such as lab tests, production plans, and product designs, which could include patented intellectual property.
The threat actors also allege to have stolen corporate data such as sales reports, invoices, contracts, recordings of management meetings, and employee personal data, including employee and foreign visitors’ passports. The threat actors stole at least 2 terabytes during the Seiko data breach.
The ransomware gang has now threatened to publish or sell the stolen data to interested buyers after the company allegedly refused to negotiate.
The BlackCat ransomware gang targets high-profile organizations and demands hefty amounts in exchange for deleting stolen information.
According to Blockchain analysis firm Chainalysis, BlackCat/AlphaV ransomware’s average payment was $1,504,579 in 2023, with a median of $305,585.
First detected in November 2021, the “relatively new” group, the successor of the BlackMatter ransomware gang, applies triple extortion methods to squeeze the largest amount possible from its victims. Additionally, it posts the stolen data on the clear web to coerce its victims into paying ransom.
In 2023, the BlackCat/AlphaV ransomware was responsible for high-profile cyber attacks on Reddit, Western Digital, NextGen Healthcare, the City of Lakewood, Indian Sun Pharma, Canadian Constellation Software, US payments giant NCR, and the UK’s The Barts Health NHS Trust, among others.