In a press release (translated by Video Games Chronicle) Capcom revealed that a significant security breach that occurred this month has been pretty damaging. The attack was confirmed earlier this month and the worst was feared by many. The recent report reveals that a huge amount of data of a personal nature was stolen. Right up front though, it is unlikely that any user credit card data is at risk.
Capcom does confirm that various forms of personal info were stolen by the ransomware attack. The data included the personal information of current and former employees, as well as sales reports and financial information for the company and various staff. Another scary element is that some personal information for employees and their families, including phone numbers and e-mail addresses, also leaked. It appears as though the hackers intentionally targeted internal servers looking for HR data and other personal information. The hack managed to steal 14,000 HR items and various other elements of internal company information, in addition to a slew of other items.
The Capcom ransomware attack also compromised the customer service servers. The data surrounding the video game support help desk, Capcom Store and various other attached operations were also leaked. The total volume of compromised data is counted around 350,000 individual records.
The hack was first exposed on November 2, and since that time Capcom has been doing a lot of work investigating the scope of the issue and locking things down.
The report revealed that the company took their time because of the complexity of the attack, and they regret that it took them this long to deal with the initial problem.
“Investigation and analysis of this incident took additional time due to the targeted nature of this attack, which was carried out using what could be called tailor-made ransomware, as was covered in some media reports, aimed specifically at the company to maliciously encrypt the information saved on its servers and delete its access logs. Capcom regrets that this report could not be made sooner than today.”
For the next little bit, Capcom has involved authorities while securing the servers affected. The company has deployed fixes for identified issues and implemented additional security procedures and software to stall future hacks. The Japanese Personal Information Protection Company and various other organizations have been called in to help notify those affected of the breach of their data.
Capcom has offered its “sincerest apologies for any complications and concerns that this may bring to is potentially impacted customers as well as its many stakeholders” and that they will continue working with law enforcement in Japan and the US to help mitigate the impact of this disaster.
