Japanese multinational electronics manufacturing firm Casio had data from its customers around the world compromised following unauthorized access to its ClassPad.net education web app's server, reports SiliconAngle.
Nearly 127,000 records from customers in Japan and 148 other countries, which included names, email addresses, and country or region of residence, as well as purchasing and service usage details, have been exfiltrated by threat actors after certain network security settings in the server were not activated, according to Casio. Further investigation into the incident is underway but Casio emphasized that the rest of its assets were not affected by the breach.
Synopsys Software Integrity Group Fellow Ray Kelly noted that the data breach signifies the value of web app testing in production while KnowBe4 Data-Driven Defense Evangelist said that human error-related breaches should prompt evaluations of cybersecurity affecting changes prior to adoption, as well as periodic reviews of security settings.
"It shows the importance of change control and configuration control," said Grimes.