Japan-based gaming company Capcom is one of the biggest entities in the world of video games, responsible for such household names as the Street Fighter and Resident Evil franchises. However, since November 2020, the gaming company has had growing numbers of attacks not from zombies, but from ransomware attacks.
Capcom has stated this month that the attacks that began in November has escalated and the personal data of up to 400,000 customers has been compromised – which is 40,000 more than was originally predicted.
On November 19th 2020, Capcom revealed that it’s personal and corporate data was compromised. Since then the attacks have continued in volume as the company divulged that the personal information of an additional 16,406 people was compromised, making the cumulative number since the investigation started 16,415.
On January 12th 2021 Capcom updated its report to reveal that the total of customers, business partners and other external parties personal information which had been compromised had increased around 40,000 people from the previous report to a figure of 390,000.
The investigation into the attack is still ongoing and the threat of further data being compromised is still ongoing, with further reports likely to come over the next month. The company has continued to issue apologies to its customers, partners and stakeholders.
The ransomware group Ragnar Locker is deemed as the highest likely culprit, with the ransom note present during the first incident having them claim responsibility as well as the admission they were responsible for the downloading of over 1tb of corporate data. Data that included banking details, contracts, proprietary data and more.
Data theft and ransomware attacks have targeted the gaming industry due to the ease of access to player accounts in gaining in-app purchases and level up rewards. If adults are spending money through the accounts, they are seen as items for sale.
Capcom customers have some solace in the fact that customer credit card data has not been stolen, reassuring players that it is safe to play and purchase games online. The at-risk areas that have been compromised contained any credit card information, with all transactions being handled by third-party service providers. Impacted areas of the company were not related to the systems where an internet connection and in-store purchases play a part for the customer.
Capcom continues to advise customers who have potentially been impacted on steps to take and continues its efforts with regards to law enforcement and IT security.