- Seiko USA website defaced; attackers claim Shopify backend breach
- Threat actors claim theft of full customer database, demand ransom within 72 hours
- No dark web leak yet; unclear if Seiko negotiated or if attackers bluffed, company previously hit by BlackCat ransomware in 2023
Premium watchmaker Seiko has had its US website defaced over the weekend in an incident where it also reportedly lost sensitive customer data.
Last weekend, the “Press Lounge” section of the Seiko USA website featured a new page called “HACKED.” In it, the unnamed threat actors said they accessed the company’s Shopify backend and retrieved sensitive customer information.
“This is an urgent security notice regarding your Shopify store. Your customer database has been compromised,” the page reportedly read. “We have successfully breached your Shopify store’s security systems and downloaded the entire customer database.”
The article continues below
Demanding negotiations
Without showing a sample of the stolen files, the threat actors said they obtained people’s names, email addresses, phone numbers, purchase records, transaction information, addresses, shipping preferences, account creation dates and various customer notes.
They gave the company 72 hours to reach out and negotiate to pay a ransom or the crooks would publish the stolen treasure on the dark web. They told the company to look for a specific customer account in the Shopify admin panel (ID 8069776801871) and use the email associated with that account to begin negotiations.
Seiko has yet to issue an official statement about the attack. However, it restored its website.
Although the weekend is already behind us, the data has yet to appear anywhere on the dark web. Furthermore, no threat actors claimed responsibility for the attack. This could mean that Seiko reached an agreement with the attackers, or that the criminals were simply bluffing and never had any data to begin with.
The company is no stranger to ransomware attacks. Back in July 2023, it was hit by the infamous BlackCat ransomware gang and lost 60,000 “items of personal data” from three departments – Group, Watch and Instruments. The data included names, telephone numbers, email addresses and postal addresses.
Via Bleeping Computer
The best antivirus for all budgets
Follow TechRadar on Google News and add us as a preferred source to get our expert news, reviews and opinions in your feeds.
