On November 2, 2020, Japanese gaming giant Capcom reported that its servers had been targeted by a ransomware attack that reportedly stole 1TB of corporate data. The company also revealed that it was being blackmailed by an organization called Ragnar Locker, which claimed to have the contact information for up to 350,000 employees and partners of the company as well as plans for upcoming games.
At the time, Capcom stated that no credit card or financial information had been accessed. Now, however, the company has disclosed in a statement that 390,000 have been affected and that 16,406 people have had their personal data compromised, including 3,248 business partners, 9,164 former employees, and 3,995 current employees. Data contained names, email addresses, phone numbers, postal addresses and HR information.
The gaming giant has also confirmed that company information, including "sales reports, financial information, game development documents, [and] other information related to business partners," was stolen during the attack and posted on the internet.
Capcom maintains that no credit card information has been compromised, stating that transactions are handled by a third-party service provider and that the company does not retain financial information on its servers. The company has assured customers that the ransomware attack didn’t target online game functionality and that Capcom games can be safely purchased and played online.
In addition, Capcom says that roughly the personal data of 58,000 job applicants may have also been accessed. However, the company says it "currently does not see evidence for the possibility of data compromise" for an estimated 18,000 people who logged onto the its North America store or took part in its North American esports teams.
Capcom is currently contacting those who have been affected by the attack and investigating the personal information that may have been compromised. The company’s statement also contains contact information for its Japan, North America and EMEA support desks for those who worry that their personal data may have been compromised.
"Capcom would once again like to reiterate its deepest apologies for any complications or concerns caused by this incident. As a company that handles digital content, it is regarding this incident with the utmost seriousness,” the statement adds. "In order to prevent the reoccurrence of such an event, it will endeavor to further strengthen its management structure while pursing legal options regarding criminal acts such as unauthorized access of its networks."
Source: GamesIndustry.biz