Following an investigation into the security breach it faced late last year, Capcom has revealed that no credit card information was accessed during a ransomware attack on the company. In a lengthy statement issued on its website, Capcom writes that it has most of its internal systems restored and that it will be working with a newly established security committee to prevent similar attacks from occurring in the future.
According to the post, someone was able to access Capcom's network via an old backup VPN that was located in its California office. Kept at the North America branch of Capcom for emergency backup purposes, the VPN hadn't yet been replaced due to the changing work environment brought on by the COVID-19 pandemic. The rest of Capcom's network has been updated and the compromised device has been completely removed from the network chain.
"Capcom would once again like to reiterate its deepest apologies for any complications or concerns caused by the incident," reads the statement. "As a company that handles digital content, it is treating this incident with the utmost seriousness and will take the appropriate action to address any requests or directions provided by law enforcement and other relevant authorities in each country."
The rest of the blog post goes into extreme detail about what happened and how Capcom responded to the incident. It's a little over my head, but the company assures that it will be taking every precaution to not repeat this incident. You may still wish to proceed with caution when purchasing digital goods from Capcom, but at least any sensitive information wasn't compromised.
Source: Capcom JP