Street Fighter maker Capcom hit by hack compromising personal data of gamers
16 November 2020, 13:54
The firm says up to 350,000 items of information could have been obtained by hackers, belonging to customers, shareholders and former employees.
Thousands of gamers have been warned their personal details may have been stolen in a hack affecting Japanese gaming giant Capcom.
The firm, famed for franchises including Street Fighter and Resident Evil, said it had been victim of a ransomware attack which started at the beginning of November.
Up to 350,000 items of information could have been obtained by hackers, not only belonging to customers but also shareholders and former employees of the company.
Data included a mix of names, addresses, phone numbers, email addresses and birthdates, but Capcom said no credit card information was taken.
So far, investigations by the firm have only been able to verify that nine people’s information was definitely compromised, all of whom were current or former employees.
Early indications suggest that only data held in Japan and the US were affected.
Capcom said a criminal organisation called Ragnar Locker was behind the breach, which “destroyed and encrypted data on its servers”.
As is the case in ransomware attacks, perpetrators demanded ransom money from Capcom to restore their systems.
Capcom did not confirm whether or not it met Ragnar Locker’s demands, though firms are told never to pay hackers.
The incident has been reported to the UK’s Information Commissioner Office (ICO) watchdog which deals with GDPR issues, as well as Japan’s Personal Information Protection Commission.
“Capcom offers its sincerest apologies for any complications and concerns that this may bring to its potentially impacted customers as well as to its many stakeholders,” the company said in a statement.
“As a company that handles digital content, it is regarding this incident with the utmost seriousness.
“In order to prevent the reoccurrence of such an event, it will endeavour to further strengthen its management structure while pursing legal options regarding criminal acts such as unauthorised access of its networks.”
