Prolific ransomware gang takes credit for Seiko data breach

One of the world’s most prominent ransomware gangs has taken credit for a cyberattack on Japanese watchmaker Seiko.

The company, which reported revenues of more than $1.7 billion this fiscal year from selling luxury watches, clocks and more, confirmed that it was dealing with a data breach in a statement on August 10.

It discovered a possible data breach on July 28 and hired cybersecurity experts to examine the situation on August 2. The investigators found unauthorized access to at least one of their servers.

On Monday, the AlphV/Black Cat ransomware gang took credit for the attack, sharing screenshots of the stolen data that included spreadsheets and presentations.

#Japan ALPHV, aka Blackcat, ransomware group has announced Seiko Group Corporation on the victim list

"Seiko manufactures and sells watches, clocks, electronic devices, semiconductors, and optical products."#DarkWeb #ransomware pic.twitter.com/Pu7efazibZ

— Daily Dark Web (@DailyDarkWeb) August 21, 2023

The gang continues to be one of the most prolific ransomware operations, launching dozens of high-profile attacks in 2023 including incidents involving cosmetics giant Estée Lauder, Reddit, legal document platform Casepoint and payment processing giant NCR.

Many experts believe the hackers associated with the ransomware gang were also behind the Darkside ransomware group, which was responsible for the cyberattack on Colonial Pipeline.

In its statement, Seiko said it is “reasonably certain that there was a breach and that some information stored by our Company and/or our Group companies may have been compromised.”

“Currently, we are verifying the exact nature of the information that was stored on the impacted servers. As soon as our ongoing investigation produces more specific results, we will report this immediately,” the company said.

The company urged any customers or partners to contact them if they receive suspicious messages coming from their email addresses and to “take extreme precautions to prevent your own systems from harm.”

Mihoko Matsubara, chief cybersecurity strategist at technology company NTT, told Recorded Future News that organizations in Japan are facing an increasing number of ransomware attacks.

Major Japanese companies like pharmaceutical firm Eisai and zipper manufacturer YKK have dealt with ransomware incidents in the last three months.

Matsubara noted that last month’s attack on the Port of Nagoya — one of the country’s biggest ports — has highlighted the cascading dangers of ransomware incidents.

“One of the lessons we learned from the Colonial Pipeline incident and the attack on the port of Nagoya last month is that depending on what sector the ransomware attack is hitting, it will have a domino effect on not only one organization but also multiple sectors,” she said.