Hackers Raid Casio UK Store, Exposing Customer Credit Card Data in 10-Day Breach

Casio UK E-commerce Platform Security Breach: A Comprehensive Overview

Casio UK’s online store experienced a significant security breach between January 14 and 24, 2025, exposing customers’ personal and financial information. The breach was identified by Jscrambler, which alerted Casio on January 28, leading to the removal of the malicious scripts within 24 hours.

Technical Analysis of the Attack:
– Exploited Magento vulnerabilities
– Implemented a two-stage skimmer system
– Utilized Russian hosting providers
– Employed custom encoding and XOR-based string concealment
– Created a fraudulent checkout form to harvest sensitive data

Compromised Information:
– Billing addresses
– Email addresses
– Phone numbers
– Credit card details
– Personal identification data

Security Infrastructure Failures:
– Inadequate Content Security Policy (CSP) configuration
– CSP set to report-only mode
– Absence of violation reporting mechanisms
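
An added example, not from the original article or the analysis it summarizes: a Python check of a response's headers for the CSP weaknesses listed above (policy missing or only in report-only mode, no reporting directive, unrestricted or permissive script sources). The sample headers, URLs and finding codes are constructed for illustration.

```python
ENFORCE = "content-security-policy"
REPORT_ONLY = "content-security-policy-report-only"

def parse_csp(value):
    """Split a CSP header value into {directive: [source, ...]}."""
    policy = {}
    for part in value.split(";"):
        tokens = part.split()
        # CSP ignores repeated directives, so the first occurrence wins.
        if tokens and tokens[0].lower() not in policy:
            policy[tokens[0].lower()] = tokens[1:]
    return policy

def audit_csp(headers):
    """Return finding codes for a response's CSP headers (empty list = no finding)."""
    h = {k.lower(): v for k, v in headers.items()}
    findings = []
    if ENFORCE not in h:
        # A report-only policy observes violations but blocks nothing.
        findings.append("report-only" if REPORT_ONLY in h else "no-csp")
    for name in (ENFORCE, REPORT_ONLY):
        if name not in h:
            continue
        policy = parse_csp(h[name])
        # Without report-uri / report-to, violations are never sent anywhere.
        if "report-uri" not in policy and "report-to" not in policy:
            findings.append("no-reporting")
        # script-src falls back to default-src when it is absent.
        scripts = policy.get("script-src", policy.get("default-src"))
        if scripts is None:
            findings.append("scripts-unrestricted")
        elif "*" in scripts or "'unsafe-inline'" in scripts:
            findings.append("scripts-permissive")
    return findings

# Constructed sample headers (not captured from any real site).
WEAK = {"Content-Security-Policy-Report-Only":
        "default-src 'self'; script-src 'self' https://cdn.example"}
HARDENED = {"Content-Security-Policy":
            "default-src 'self'; script-src 'self'; report-uri /csp-report"}

if __name__ == "__main__":
    print("weak:", audit_csp(WEAK))          # report-only, no-reporting
    print("hardened:", audit_csp(HARDENED))  # no findings
```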

Recent Security Incidents at Casio:
– October 2024: Ransomware attack by Underground group affecting 8,500 individuals
– October 2024: ClassPad platform breach impacting users from 149 countries

The attack was part of a larger campaign targeting 17 other websites, with investigations ongoing. After the data theft, victims were redirected to the legitimate checkout page, while the stolen information was encrypted using AES-256-CBC before transmission to Russia-based servers.