In February, Cyberpunk 2077 and Witcher developer CD Projekt Red reported that it had suffered a significant data breach, and that the cyber attackers had issued a ransom note for the stolen information. The company has issued an update, saying that it now believes all or part of that data is “currently being circulated on the Internet” and that it may include sensitive employee data.
As most gaming eyeballs were glued to the Summer Game Fest, CD Projekt tweeted the update, which remains vague on specifics, but warns that the data stolen in the breach likely contains “current/former employee and contractor details in addition to data related to our games.” The RPG game publisher says it cannot confirm whether or not this data has been altered by the thieves, but that it’s now apparently being made available on the internet.
“Currently, we are working together with an extensive network of appropriate services, experts, and law enforcement agencies,” CD Projekt writes. These include authorities at Poland’s General Police Headquarters, Interpol, and Europol. The company says it has also updated the president of the Personal Data Protection Office in Poland.
Here’s the tweet:
— CD PROJEKT RED (@CDPROJEKTRED) June 10, 2021
Since the breach, CD Projekt says it’s taken a number of measures to protect against another such occurrence, including a redesign of its core IT infrastructure, installing new next-generation firewalls, reducing the number of privileged accounts in the network, and expanding its internal security department.
You can head to the official site to read the update in full.
“We would also like to state that — regardless of the authenticity of the data being circulated — we will do everything in our power to protect the privacy of our employees, as well as all other involved parties,” CD Projekt writes. “We are committed and prepared to take action against parties sharing the data in question.”