Capcom Ransomware Attack: "Some Personal Information Maintained By The Capcom Group Has Been Compromised"

Capcom has published an official press release pertaining to the ransomware attack it experienced at the beginning of November. According to the statement, “some personal information maintained by The Capcom Group has been compromised.”

The press release was published by the company’s Osaka branch this morning, November 16. It notes that the ransomware attack was the product of unauthorized access to Capcom’s network, and that the breach compromised data belonging to employees, former employees, and some consumers, as well as potentially shareholders and former employees’ family members.

The data is broken into two categories: information that has been confirmed to be compromised, and data that could potentially have been compromised.

Information verified to have been compromised — personal information (nine items):

  • Personal information of former employees: five items (Name & signature: two items; name & address: one item; passport information: two items).
  • Personal information of employees: four items (Name and HR information: three items; name & signature: one item).

It has also been confirmed that some details of sales reports and financial  information were compromised during the breach.

Information that could potentially have been compromised — personal information (maximum of approx. 350,000 items):

  • Japan: Customer service video game support help desk information: approx. 134,000 items (Names, addresses, phone numbers, email addresses).
  • North America: Capcom Store member information: approx. 14,000 items (Names, birthdates, email addresses).
  • North America: Esports operations website members: approx. 4,000 items(Names, email addresses, gender information).
  • List of shareholders: approx. 40,000 items (Names, addresses, shareholder numbers, amount of shareholdings).
  • Former employees’ (including family) information: approx. 28,000 people;applicants’ information: approx. 125,000 people (Names, birthdates, addresses, phone numbers, email addresses, photos, etc.)

On top of this it has been reported that HR information pertaining to approximately 14,000 people may have been compromised, as well as confidential corporate information encompassing sales data, business partner information, sales documents, and more.

“None of the at-risk data contains credit card information,” the statement reads. “All online transactions etc. are handled by a third-party service provider, and as such Capcom does not maintain any such information internally.”

Capcom states that it has posted the maximum amount of potentially compromised items and is currently in the process of contacting all affected people. It has also reported the attack to the supervisory authority under GDPR (ICO in the UK) and the Personal Information Protection Commission (Japan). On top of this, it has implemented additional protective software and is currently consulting with third-party security specialists.

“Additionally, it is safe for Capcom customers or others to connect to play the company’s games online and access its websites,” the report reads.

“Capcom would once again like to reiterate its deepest apologies for any complications or concerns caused by this incident. As a company that handles digital content, it is regarding this incident with the utmost seriousness. In order to prevent the reoccurrence of such an event, it will endeavor to further strengthen its management structure while pursing legal options regarding criminal acts such as unauthorized access of its networks.”

Read next: Pokemon Has A Great Meta Except For The Fact That Ice Is Completely Useless

  • Game News
  • Capcom

Cian Maher is the Lead Features Editor at TheGamer. He’s also had work published in The Guardian, The Washington Post, The Verge, Vice, Wired, and more. You can find him on Twitter @cianmaher0.

Source: Read Full Article