Gaming company Capcom has discovered that the number of customers whose data may have been compromised following a recent cyber-attack is much higher than previously thought.
The Osaka-headquartered company became the victim of a ransomware attack in the beginning of November last year.
On November 16, Capcom announced that it had verified that the personal information of 9 people had been compromised in this attack. A further 350,000 individuals were confirmed to be at risk of data compromise, including 134,000 customers who used the video game support help desk in Japan; 14,000 Capcom Store members in North America; 4,000 Esports website members in North America; 40,000 shareholders; 153,000 former employees, their families, and applicants; and 14,000 employees “and related parties” taken from HR.
In a third update to its ongoing investigation, issued on January 12, the company has now confirmed that the personal data of an additional 16,406 people had been exposed to cyber-criminals. Among the information exposed was names, addresses, phone numbers, email addresses of business partners, employees, and former employers, along with sales reports and game development documents.
Capcom added that the data of tens of thousands of additional individuals may have been exposed. The developer of Resident Evil stated that “the company has also ascertained that the potential maximum number of customers, business partners and other external parties etc., whose personal information may have been compromised in the attack is approximately 390,000 people (an increase of approximately 40,000 people from the previous report).”
None of the at-risk data was found to contain credit card information. Capcom said it does not maintain such information internally as the company’s online transactions are handled by a third-party service provider.
Capcom added: “Additionally, the areas that were impacted in this attack are unrelated to those systems used when connecting to the internet to play or purchase the company’s games online, which have continued to utilize either an external third-party server or an external server.”
The company offered its sincerest apologies for any complications and concerns that this latest update may bring to its potentially impacted customers as well as to its many stakeholders.
Source: Infosecurity Magazine