Casio and Redcliffe Labs Data Leaks Expose Customer Information
27.10.2023
Here comes our report on recent data leaks. Today, let's examine the incidents that resulted in the disclosure of customer information at two large companies.
Casio Computer Co. Ltd, an electronics manufacturer based in Japan, reported a leak of customer personal information.
The incident came to light after an employee discovered a database failure. Upon investigation, Casio determined that an unauthorized party had gained access to the database of the web application "ClassPad.net" within its development environment.
It is alleged that approximately 92,000 records containing details of Japanese customers and more than 35,000 records containing details of customers in other countries were accessed. The affected clients included both private individuals and educational institution customers.
Leaked data included:
- Full names
- Email addresses
- Countries of residence
- Information about service usage and purchase information.
Casio officials claimed that "some of the network security settings in the development environment were disabled due to an operational error of the system by the responsible department and insufficient operational management".
After discovering the incident, the company notified law enforcement and Japan's data watchdog. At this time, the vulnerability has been fixed and the ClassPad.net application is working correctly.
The second incident we examine also involves exposure of personal information kept in an unprotected database.
Indian medical diagnostics company Redcliffe Labs left its database unprotected, exposing the personal information of more than 12 million patients. The vulnerability in the database was discovered by cybersecurity researcher Jeremiah Fowler. He claimed that the total size of the disclosed data was 7TB.
The data involved a large number of medical records containing personal information about customers, including:
- Full names
- Full names of doctors who screened patients
- Medical diagnostic scans
- Test results
- Location where the patient was tested.
It is further alleged that, in addition to the listed information, the database contained development files related to the company’s mobile application.
According to Jeremiah, as soon as the company became aware of the incident, it immediately blocked access to the database. However, it is currently unknown how long the documents had been in the public domain.
Keeping business data organized and managing its flow can be a challenge. Classify valuable data, audit access rights, archive critical documents and monitor users’ operations on data with SearchInform FileAuditor, and be confident that your corporate data is safe.