The UK website of electronics manufacturer Casio fell victim to a sophisticated cyber attack that compromised customers' personal and payment information between January 14 and 24, 2025.
Cybersecurity firm Jscrambler discovered malicious code injected into Casio's UK online store that collected sensitive customer data through a deceptive payment form. The attack was part of a larger campaign affecting at least 17 websites.
The attackers exploited vulnerabilities in the Magento e-commerce platform to inject a web skimmer, malicious code designed to steal information. Unlike typical attacks that target checkout pages, this skimmer was active across the entire website except the checkout page itself.
When customers attempted to make purchases, the skimmer intercepted their checkout process and displayed a fake payment form. This form collected personal details including names, addresses, phone numbers, email addresses and complete credit card information. After submission, customers received a fake error message before being redirected to the legitimate checkout page.
The stolen data was encrypted and transmitted to servers linked to Russian IP addresses. While Casio UK had security measures in place, including a Content Security Policy, these were not configured to actively block malicious scripts.
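To make the Content Security Policy point concrete, here is an added example (not code from the article, Jscrambler or Casio) that checks a set of response headers and reports why an injected script or fake form would not be blocked: a policy delivered only as Report-Only, a script-src that permits inline or wildcard sources, or a missing form-action/connect-src restriction that leaves exfiltration unconstrained. The header samples are constructed for illustration.

```python
# Added example: assess whether a CSP would actually block injected scripts
# and outbound form posts, or merely report them. Header values are made up.

WEAK_SCRIPT_SOURCES = {"'unsafe-inline'", "*", "data:", "http:", "https:"}


def parse_csp(header_value: str) -> dict:
    """Split 'directive src src; directive src' into {directive: [sources]}."""
    policy = {}
    for part in header_value.split(";"):
        tokens = part.strip().split()
        if tokens:
            policy[tokens[0].lower()] = tokens[1:]
    return policy


def assess_csp(headers: dict) -> list:
    """Return findings explaining why injected script or form exfiltration
    would not be blocked. An empty list means the policy is enforced and tight."""
    lowered = {k.lower(): v for k, v in headers.items()}
    enforced = lowered.get("content-security-policy")
    if enforced is None:
        if "content-security-policy-report-only" in lowered:
            return ["policy is Report-Only: violations are logged, not blocked"]
        return ["no Content-Security-Policy header at all"]
    policy = parse_csp(enforced)
    findings = []
    # script-src and connect-src fall back to default-src when absent.
    script_src = policy.get("script-src", policy.get("default-src"))
    if script_src is None:
        findings.append("neither script-src nor default-src set: any script may load")
    else:
        weak = sorted(set(script_src) & WEAK_SCRIPT_SOURCES)
        if weak:
            findings.append("script-src permits " + ", ".join(weak))
    connect_src = policy.get("connect-src", policy.get("default-src"))
    if connect_src is None or "*" in connect_src:
        findings.append("connect-src unrestricted: scripts may send data anywhere")
    # form-action has no default-src fallback, so it must be set explicitly.
    form_action = policy.get("form-action")
    if form_action is None or "*" in form_action:
        findings.append("form-action unrestricted: a fake form may post to any origin")
    return findings


# Constructed sample headers (not Casio's real configuration).
REPORT_ONLY_HEADERS = {"Content-Security-Policy-Report-Only": "default-src 'self'"}
WEAK_HEADERS = {"Content-Security-Policy": "default-src 'self'; script-src 'self' 'unsafe-inline' https:"}
STRONG_HEADERS = {"Content-Security-Policy": "default-src 'self'; script-src 'self' 'nonce-r4nd0m'; form-action 'self'"}

if __name__ == "__main__":
    for name, hdrs in [("report-only", REPORT_ONLY_HEADERS), ("weak", WEAK_HEADERS), ("strong", STRONG_HEADERS)]:
        print(name, assess_csp(hdrs) or ["enforced and restrictive"])
```

A real check would read the headers from the live site and be re-run after every deployment, since a policy that is never switched from Report-Only to enforcing gives no protection against this class of skimmer.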
Upon notification by Jscrambler on January 28, Casio UK removed the malicious code within 24 hours. However, customers who made purchases during the compromise period may have had their information exposed.
This incident follows other recent security challenges for Casio, including an October 2024 ransomware attack that exposed data of approximately 8,500 individuals.
The investigation remains ongoing as researchers work to identify additional compromised websites and assist affected organizations in securing their platforms.