Capcom has confirmed that it’s been the subject of a ransomware attack, which has compromised a wide array of the company’s private information. The breach occurred on November 2, and on November 4 Capcom issued a press release which said “at present there is no indication that any customer information was breached”. However, in today’s release, Capcom says some player information is among the compromised data.
Names, birthdates, and email addresses for North American Capcom store customers have been compromised, as have names, email addresses, and gender information for North American Capcom esports website members. Japanese customer service data including names, addresses, phone numbers, and email addresses have also been compromised.
Capcom says no credit card information has been compromised, as the company uses a third-party service provider and does not keep that information internally. But the company also says it cannot yet confirm the full scope of the attack, so there is the possibility that more customer information, in addition to that listed above, has been compromised.
The breach has revealed a much larger slate of internal Capcom info. Current and former employees, plus their families, and previous applicants have had names, phone numbers, photos, and more compromised.
The attack has also compromised “sales data, business partner information, sales documents, development documents,” and more, including some information on Capcom’s upcoming releases. (Bear in mind if you come across such leaked information, however, that it’s all subject to change pending official announcements.)
Capcom says the group Ragnar Locker is behind the ransomware attack, and has been working with authorities in Japan and the US regarding the incident. The company has also brought in an outside IT security company for consultation.