Personal info of 350,000 customers and business partners may have been stolen in Capcom ransomware breach



At the beginning of November, Japanese game developer and publisher Capcom Group, a company behind well-known the Street Fighter, Resident Evil, and Monster Hunter series of games, was hit by a major cyber attack that impacted some of its business operations, including email and file servers. Now Capcom has shared some additional info on what happened and what data was compromised.

In a press release the company explained it was target of “a customized ransomware attack” carried out by the Ragnar Locker ransomware group, which destroyed and encrypted data on the game maker’s servers.

Capcom said it could only confirm the compromise of data on five former employees, four employees and some sales and financial info, however, the breach could be much more serious than anticipated.

According to the company, the incident may have affected some 350,000 customers and business partners. This includes: 134,000 customers who used the video game support help desk in Japan, 14,000 Capcom Store members in North America, 4,000 Esports website members in North America, 40,000 shareholders, 153,000 former employees, their families and applicants and 14,000 employees “and related parties” taken from HR.

The potentially compromised information includes names, home and email addresses, birthdates, shareholder numbers, phone numbers and photos. Capcom said that financial information was not accessed.

“None of the at-risk data contains credit card information. All online transactions etc. are handled by a third-party service provider, and as such Capcom does not maintain any such information internally,” the company added.

The cyber criminals behind the Ragnar Locker ransomware published nearly 60 GB of data allegedly stolen from Capcom on their leak site after the company refused to respond to their demands. While special software is needed to download the posted archives, some of the data is viewable, such as what appears to be images from passports, screenshots of confidential agreements, financial reports and bank statements.

Let's block ads! (Why?)

Continue reading...