{ "id": "3f71868e-7c66-46de-9bec-4aa3f67c38e4", "created_at": "2026-04-06T00:18:59.056966Z", "updated_at": "2026-04-10T13:12:25.688512Z", "deleted_at": null, "sha1_hash": "f1519b2fa2519d9456df61f93f99c20562ed9554", "title": "Japanese watchmaker Seiko breached by BlackCat ransomware gang", "llm_title": "", "authors": "", "file_creation_date": "0001-01-01T00:00:00Z", "file_modification_date": "0001-01-01T00:00:00Z", "file_size": 1568635, "plain_text": "Japanese watchmaker Seiko breached by BlackCat ransomware gang\r\nBy Bill Toulas\r\nPublished: 2023-08-21 · Archived: 2026-04-05 12:54:36 UTC\r\nThe BlackCat/ALPHV ransomware gang has added Seiko to its extortion site, claiming responsibility for a cyberattack\r\ndisclosed by the Japanese firm earlier this month.\r\nSeiko is one of the world's largest and most historic watchmakers, with roughly 12,000 employees and an annual revenue\r\nthat surpasses $1.6 billion.\r\nOn August 10th, 2023, the company published a notice of a data breach informing that an unauthorized third-party gained\r\naccess to at least a part of its IT infrastructure and accessed or exfiltrated data.\r\nhttps://www.bleepingcomputer.com/news/security/japanese-watchmaker-seiko-breached-by-blackcat-ransomware-gang/\r\nPage 1 of 5\n\n0:00\r\nhttps://www.bleepingcomputer.com/news/security/japanese-watchmaker-seiko-breached-by-blackcat-ransomware-gang/\r\nPage 2 of 5\n\nVisit Advertiser websiteGO TO PAGE\r\n\"It appears that [on July 28, 2023] some as-yet-unidentified party or parties gained unauthorized access to at least one of our\r\nservers,\" reads Seiko's announcement.\r\n\"Subsequently, on August 2nd, we commissioned a team of external cybersecurity experts to investigate and assess the\r\nsituation.\"\r\n\"As a result, we are now reasonably certain that there was a breach and that some information stored by our Company\r\nand/or our Group companies may have been compromised.\"\r\nSeiko apologized to the potentially impacted customers and business partners and urged them to be vigilant against email or\r\nother communication attempts potentially impersonating Seiko.\r\nBlackCat assuming responsibility\r\nToday, the BlackCat ransomware group claimed to be behind the attack on Seiko, posting samples of data that they claim to\r\nhave stolen during the attack.\r\nIn the listing, the threat actors mock Seiko's IT security and leak what appear to be production plans, employee passport\r\nscans, new model release plans, and specialized lab test results.\r\nMost worryingly, the threat actors have leaked samples of what they claim are confidential technical schematics and Seiko\r\nwatch designs.\r\nSeiko listed on ALPHV website\r\nSource: BleepingComputer\r\nhttps://www.bleepingcomputer.com/news/security/japanese-watchmaker-seiko-breached-by-blackcat-ransomware-gang/\r\nPage 3 of 5\n\nThis indicates that BlackCat very likely possesses drawings that showcase Seiko internals, including patented technology,\r\nwhich would be damaging to publish and expose to competitors and imitators.\r\nBlackCat is one of the most advanced and notorious ransomware gangs actively targeting the enterprise, constantly evolving\r\nits extortion tactics.\r\nFor example, the group was the first to use a clearweb website dedicated to leaking data for a particular victim and, more\r\nrecently, created a data leak API, allowing for easier distribution of stolen data.\r\nUpdate 8/21/23: After publishing this story, researchers at Curated Intel told BleepingComputer that an initial access broker\r\n(IAB) was selling access to a Japanese manufacturing company on July 27th, one day before Seiko said they were initially\r\nbreached.\r\nWhile the IAB did not share the name of the company they were selling access to, they did say the company is in\r\nmanufacturing and has '1.8B' in revenue per Zoominfo, which is an exact match to Seiko's Zoominfo page.\r\nInitial access broker selling access to Japanese company\r\nSource: Curated Intel\r\nBleepingComputer has contacted Seiko for additional comments on the threat actor's claims, but we have not received a\r\nresponse by publication time.\r\nhttps://www.bleepingcomputer.com/news/security/japanese-watchmaker-seiko-breached-by-blackcat-ransomware-gang/\r\nPage 4 of 5\n\nAutomated Pentesting Covers Only 1 of 6 Surfaces.\r\nAutomated pentesting proves the path exists. BAS proves whether your controls stop it. Most teams run one without the\r\nother.\r\nThis whitepaper maps six validation surfaces, shows where coverage ends, and provides practitioners with three diagnostic\r\nquestions for any tool evaluation.\r\nSource: https://www.bleepingcomputer.com/news/security/japanese-watchmaker-seiko-breached-by-blackcat-ransomware-gang/\r\nhttps://www.bleepingcomputer.com/news/security/japanese-watchmaker-seiko-breached-by-blackcat-ransomware-gang/\r\nPage 5 of 5", "extraction_quality": 1, "language": "EN", "sources": [ "ETDA" ], "origins": [ "web" ], "references": [ "https://www.bleepingcomputer.com/news/security/japanese-watchmaker-seiko-breached-by-blackcat-ransomware-gang/" ], "report_names": [ "japanese-watchmaker-seiko-breached-by-blackcat-ransomware-gang" ], "threat_actors": [ { "id": "6e23ce43-e1ab-46e3-9f80-76fccf77682b", "created_at": "2022-10-25T16:07:23.303713Z", "updated_at": "2026-04-10T02:00:04.530417Z", "deleted_at": null, "main_name": "ALPHV", "aliases": [ "ALPHV", "ALPHVM", "Ambitious Scorpius", "BlackCat Gang", "UNC4466" ], "source_name": "ETDA:ALPHV", "tools": [ "ALPHV", "ALPHVM", "BlackCat", "GO Simple Tunnel", "GOST", "Impacket", "LaZagne", "MEGAsync", "Mimikatz", "Munchkin", "Noberus", "PsExec", "Remcom", "RemoteCommandExecution", "WebBrowserPassView" ], "source_id": "ETDA", "reports": null } ], "ts_created_at": 1775434739, "ts_updated_at": 1775826745, "ts_creation_date": 0, "ts_modification_date": 0, "files": { "pdf": "https://archive.orkl.eu/f1519b2fa2519d9456df61f93f99c20562ed9554.pdf", "text": "https://archive.orkl.eu/f1519b2fa2519d9456df61f93f99c20562ed9554.txt", "img": "https://archive.orkl.eu/f1519b2fa2519d9456df61f93f99c20562ed9554.jpg" } }