Last November Capcom reported they had fallen victim to a ransomware data breach, and that the information of roughly 350,000 people had been compromised. Today the company released an update on the attack, confirming it’s verified the personal information of over 16,000 of those affected. But, the statement wasn’t all good news: turns out Capcom’s initial count was short a few thousand people.
Capcom raises count of those affected by data breach to 390,000.
In a statement released on the Capcom investor relationship website, the company revealed the ransomware attack was worse than they initially estimated. Capcom raised the number of those potentially affected in the hack to 390,000 – up 40,000 since they first announced the breach in November. The company increased the estimate by 58,000 at first, but removed 18,000 members from their North American store and eSports ops website.
Capcom has at least verified the information of some of those affected by the attack: 16,415 people have had their personal details stolen as of Capcom’s count this month. Of those 16,415 people, 9146 are former employees, 3994 are current employees or related parties, and 3248 are business partners. The information potentially leaked includes “name, email address, their HR information, sales reports, financial information, game development documents, other information related to business partners”.
The statement from Capcom does state that “none of the at-risk data contains credit card information,” which is at least a minor comfort to those affected. Since Capcom uses a third-party for their online transactions they don’t store any of that information themselves, and they further added that systems tied to online play were not impacted by the breach since they too use a third-party.
Chinese hacker group Ragnar Locker has claimed credit for the attack, and they are demanding $11 million in bitcoin for the return of the 1TB of data they stole. As is the case with most ransomware attacks, the group has threatened to sell or publish the stolen data if Capcom refuses to cut a deal. If you live in North America and are concerned your information may have been leaked, Capcom suggests you call its customer support line. While the breach appears to have largely affected those directly attached or partnered with Capcom, it never hurts to be safe.