A leading gaming company has revealed that a security breach announced earlier this month is much worse than first thought, with data on potentially hundreds of thousands of customers, employees and others compromised.
Nearly two weeks ago, Resident Evil developer Capcom revealed the breach, believed to be a ransomware attack, happened on November 2. At the time it said: “there is no indication that any customer information was breached.”
However, in an update post yesterday, the Osaka-headquartered firm admitted that some personal and corporate information had been taken.
Although at present Capcom could only confirm the compromise of data on five former employees, four employees and some sales and financial info, much more may have been taken.
Some 350,000 individuals may be at risk of data compromise. This includes: 134,000 customers who used the video game support help desk in Japan, 14,000 Capcom Store members in North America, 4000 Esports website members in North America, 40,000 shareholders, 153,000 former employees, their families and applicants and 14,000 employees “and related parties” taken from HR.
The potentially compromised information varies slightly by category, but includes names, home and email addresses, birthdates, shareholder numbers, phone numbers and photos.
Also at risk is an unspecified quantity of corporate information including sales data, business partner information, and sales and development documents.
“None of the at-risk data contains credit card information. All online transactions etc. are handled by a third-party service provider, and as such Capcom does not maintain any such information internally,” the notice continued.
“As the overall number of potentially compromised data cannot specifically be ascertained due to issues including some logs having been lost as a result of the attack, Capcom has listed the maximum number of items it has determined to potentially have been affected at the present time.”
Jon Niccolls, EMEA and APAC incident response lead at Check Point Software, claimed that so far this year over 500 organizations per week have been hit by ransomware which also attempts to steal sensitive data.
“To protect against these attacks, companies need to combine technology and processes: solutions that can prevent stealthy attacks and prevent data leaks, and educate employees about the risks of phishing emails, as this is how many ransomware attacks are launched,” he added.