Capcom Verifies Compromised Data Following Unauthorized Network Attack
posted on by Alex Mateo
CAPCOM announced on Monday that unauthorized access to its network has led to a customized ransomware attack. The company revealed that some personal information maintained by the CAPCOM Group has been compromised, including personal information of current and former employees, sales reports, and financial information.
CAPCOM also stated that the attack may have compromised additional personal and corporate information.The potentially compromised personal data includes Japanese customer service video game support help desk information, North American CAPCOM Store and Esports operations website member information, a shareholder list, and personal information on former employees, their families, applicants, and human resources workers. Potentially compromised corporate data includes sales data, business partner information, sales documents, and development documents. CAPCOM verified that none of this data contains credit card information.
The company is contacting individuals whose information has been compromised in order to explain the incident. CAPCOM is carrying out an ongoing investigation to look into potentially compromised data.
CAPCOM had announced on November 4 that some of the company group's networks experienced issues due to unauthorized access from a third party that affected access to its systems, including email and file servers, starting on November 2 in the early morning. The company halted some internal network operations. CAPCOM verified that it discovered a message from a criminal organization "Ragnar Locker" and contacted the Osaka Prefectural Police after confirming that the group was demanding ransom money. The company discovered compromised items on November 12.
As of Monday, CAPCOM has reported network issues to the supervisory authority under General Data Protection Regulation (Information Commissioner's Office in the U.K.) and the Personal Information Protection Commission in Japan. The company has also implemented protective software, shut down suspicious transmissions, and carried out server reconstruction. CAPCOM hired a third-party security company, and it has arranged a reporting and consulting structure of with a major software company, security specialist vendor, and law offices.
CAPCOM will continue coordinating with law enforcement authorities in the U.S. and Japan, a major information technology security specialist company, and external security experts.
The incident has not affected CAPCOM's online game connections or website access. The company apologized for any concerns regarding this incident, and it stated that it believes any effect on CAPCOM Group's consolidated business results for this fiscal year will be negligible.