Capcom Confirms Data Breach After Gamers’ Data Stolen In Cyberattack

Japanese game giant Capcom has announced a data breach after confirming that attackers stole sensitive customer and employee information during a recent ransomware attack.

If you grew up going to arcades or playing video games, then Capcom is instantly recognizable as the developer of well-known game franchises, including Street Fighter, Resident Evil, Ghosts and Goblins, Devil May Cry, and Mega Man.

On November 2nd, 2020, Capcom was hit with a cyberattack that led to them shutting down portions of their network to halt the infection’s spread.

It was soon learned that the Ragnar Locker ransomware operation caused Capcom’s cyberattack after a security researcher found a sample of the malware used in their attack.

Also Read: How Formidable is Singapore Cybersecurity Masterplan 2020?

While almost all human-operated ransomware operations steal unencrypted files before encrypted devices as a double-extortion strategy, Capcom stated there was no indication that any data was stolen.

“Further, it stated that at present there is no indication that any customer information was breached,” Capcom stated in a November 4th press release.

However, their statement contradicted stolen data samples seen by BleepingComputer and published by Ragnar Locker on their website and ransom note.

Capcom discloses data breach

In a data breach notification released today, Capcom has admitted that not only has confidential corporate documents been stolen, but that the threat actors stole customers’ and employees’ data as well.

During the attack, the hackers gained access to customers’ names, addresses, gender, phone numbers, email addresses, birth dates, investor names, and amount of shareholdings, and photos.

For employees, the information exposed could include names, addresses, passport information, signatures, birth dates, phone numbers, photos, email addresses, and more.

Also Read: Going Beyond DPO Meaning: Ever Heard of Outsourced DPO?