Premium watch manufacturer Seiko is dealing with a major security nightmare. Over the weekend, unknown hackers completely defaced the Seiko USA website. The incident caused massive panic because the attackers also claimed they successfully stole highly sensitive customer data during the digital break-in.
The trouble started last weekend when visitors noticed something strange on the website. The “Press Lounge” section of the official Seiko USA site suddenly displayed a brand new, highly alarming page simply titled “HACKED.” Inside this new page, the unnamed threat actors posted a direct message to the company. They explicitly claimed that they had bypassed digital security, accessed the company’s Shopify backend, and exfiltrated massive amounts of sensitive customer information.
The hackers left a clear warning on the defaced page. The message stated that this was an urgent security notification regarding the company’s Shopify store. The attackers bragged that they had successfully breached the store’s security systems and fully downloaded the entire customer database. This bold claim suggests the hackers have access to years of highly sensitive purchase history.
The threat actors listed exactly what they stole, though they did not provide a sample of the stolen files to prove it. According to their message, they obtained customers’ full names, private email addresses, personal phone numbers, and detailed purchase records. Furthermore, they claimed to hold exact transaction details, physical home addresses, shipping preferences, account creation dates, and various private notes attached to customer profiles.
The hackers did not waste any time demanding money. They gave the watch company a strict 72-hour deadline to reach out and negotiate a ransom payment. The attackers warned that if Seiko refused to pay the ransom, they would publish the entire stolen treasure trove on the dark web for other criminals to exploit. To start the negotiation process, the crooks told the company to look for a very specific, newly created customer account hidden inside the Shopify admin panel. They instructed Seiko executives to use the email address associated with that specific account to contact them.
So far, Seiko has remained completely quiet about the incident. The massive watch manufacturer has not yet issued any official public statement regarding the attack or the alleged data theft. However, the company’s IT team quickly regained control of the website and restored the defaced pages to their normal state.
The 72-hour deadline has already passed, but the situation remains unclear. As of now, the allegedly stolen data has not surfaced on the dark web. Furthermore, no known hacking group or threat actors have stepped forward to claim official responsibility for the attack. This silence could mean several different things. It is possible that Seiko quietly came to a financial agreement with the attackers behind closed doors. It is also entirely possible that the miscreants were simply bluffing and never actually had any stolen data to begin with.
Unfortunately, the premium watch company is no stranger to massive ransomware attacks. Just last year, back in July 2023, the infamous BlackCat ransomware gang successfully struck Seiko. During that brutal attack, the company lost 60,000 items of personal data from three different corporate departments: Group, Watch, and Instruments. The data exposed in that previous attack included employee and customer names, phone numbers, email addresses, and physical postal addresses. For now, Seiko customers must wait anxiously to see whether their private shopping habits are once again in criminals’ hands.
