Japanese watchmaker Seiko Group Corp. has been struck by a ransomware attack, with the BlackCat/ALPHV ransomware gang claiming responsibility.
The attack, officially described as a data breach, was disclosed by Seiko on Aug. 10 and is said to have taken place on July 28. According to Seiko, an unidentified party or parties gained unauthorized access to at least one of its servers. The company hired external cybersecurity experts who confirmed that a breach had taken place.
The statement from Seiko notes that the company is verifying the exact nature of the information that was stored on the impacted servers and would provide more information when available, though that was nearly two weeks ago.
Exactly what was stolen has emerged on the dark web leak site for the ALPHV ransomware group. According to a statement on its site published this morning, the group has obtained a long list of internal documents, including watch blueprints and designs, sales reports, invoices, employee emails, employee personal data, contracts and audits.
BlackCat/ALHPV claims that since the company refused to negotiate a payment with them, it’s now starting to publish the stolen data.
“All the data belonging to Seiko Group Corporation will be released for free download in closest future in case if we will not make an agreement with their management or we will not met an offer from buyers which we will not be able to refuse,” the group wrote.
Of the initial documents shared, some are in Japanese, but others show what appears to be blueprints and pictures of watch designs, the first page of a 2007 agreement between Seiko and Barclays Bank PLC, and a copy of someone’s passport for good measure.
The publication of a small tranche of stolen documents is typical of modern ransomware groups attempting to force a company to make a ransom payment to stop the further release of the stolen documents. The amount being demanded from Seiko was not disclosed by the group.