Seiko USA Website Defaced in Extortion Attack, Customer Data Allegedly Stolen
Over the weekend, the Seiko USA website was defaced by attackers who claimed to have breached the company’s Shopify customer database and demanded a ransom to prevent its public release. The "Press Lounge" section of the site was replaced with a defacement page titled "HACKED," which included a ransom note and a warning of a data breach.
The attackers asserted they had accessed Seiko USA’s Shopify backend and exfiltrated sensitive customer information, including:
- Customer details (names, email addresses, phone numbers)
- Order history (purchase records, transaction details)
- Shipping data (addresses, shipping preferences)
- Account information (creation dates, customer notes)
To prove their access, the threat actors instructed Seiko USA to locate a specific customer account (ID 8069776801871) in the Shopify admin panel, where they claimed to have added a contact email for negotiations. The attackers set a 72-hour deadline before allegedly publishing the stolen data.
As of now, the legitimacy of the breach remains unconfirmed. Seiko USA has not publicly responded to inquiries from BleepingComputer but has since removed the extortion message from its website. The identity of the threat actors and the validity of their claims are still unclear.
Seiko Corporation of America cybersecurity rating report: https://www.rankiteo.com/company/seiko-corporation-of-america
Shopify cybersecurity rating report: https://www.rankiteo.com/company/shopify
"id": "SEISHO1776716769",
"linkid": "seiko-corporation-of-america, shopify",
"type": "Cyber Attack",
"date": "4/2026",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"{'affected_entities': [{'industry': 'Retail, Watches',
'location': 'USA',
'name': 'Seiko USA',
'type': 'Corporation'}],
'attack_vector': 'Website defacement, Shopify backend access',
'data_breach': {'data_exfiltration': 'Alleged (unconfirmed)',
'personally_identifiable_information': 'Names, email '
'addresses, phone '
'numbers, shipping '
'addresses, account '
'creation dates',
'sensitivity_of_data': 'High (personally identifiable '
'information, transaction details)',
'type_of_data_compromised': ['Customer details',
'Order history',
'Shipping data',
'Account information']},
'description': 'Over the weekend, the Seiko USA website was defaced by '
'attackers who claimed to have breached the company’s Shopify '
'customer database and demanded a ransom to prevent its public '
"release. The 'Press Lounge' section of the site was replaced "
"with a defacement page titled 'HACKED,' which included a "
'ransom note and a warning of a data breach. The attackers '
'asserted they had accessed Seiko USA’s Shopify backend and '
'exfiltrated sensitive customer information. To prove their '
'access, the threat actors instructed Seiko USA to locate a '
'specific customer account (ID 8069776801871) in the Shopify '
'admin panel, where they claimed to have added a contact email '
'for negotiations. The attackers set a 72-hour deadline before '
'allegedly publishing the stolen data. As of now, the '
'legitimacy of the breach remains unconfirmed.',
'impact': {'brand_reputation_impact': 'Potential reputational damage due to '
'defacement and alleged data breach',
'data_compromised': 'Customer details, order history, shipping '
'data, account information',
'identity_theft_risk': 'High (if data is confirmed stolen)',
'systems_affected': 'Seiko USA website, Shopify customer database'},
'initial_access_broker': {'entry_point': 'Shopify backend'},
'investigation_status': 'Ongoing (legitimacy unconfirmed)',
'motivation': 'Extortion',
'ransomware': {'data_exfiltration': 'Alleged (unconfirmed)',
'ransom_demanded': True},
'references': [{'source': 'BleepingComputer'}],
'response': {'containment_measures': 'Removal of extortion message from '
'website'},
'title': 'Seiko USA Website Defaced in Extortion Attack, Customer Data '
'Allegedly Stolen',
'type': 'Extortion, Defacement, Data Breach'}