The Japanese video game company known for the “Resident Evil” and “Street Fighter” series confirmed Monday that a ransomware attack in early November potentially exposed data about thousands of customers and business partners.
In a news release, Capcom said an investigation of the Nov. 2 breach showed that personal information of a handful of current and former employees definitely had been compromised, as well as company sales reports and other financial information. Another 350,000 records of employees, shareholders, customers and other business partners also may have been exposed, Capcom said, but it was unsure of the exact number because log files had been lost because of the attack.
The company confirmed that the ransomware gang known as Ragnar Locker was responsible for the attack, and said it had referred the matter to law enforcement in Japan and the U.S., as well as data protection agencies in Japan and Europe. Earlier reports had pinned the Capcom attack on the group. Ragnar Locker also was blamed in a recent attack on beverage company Campari.
Gaming companies represent inviting targets for cybercriminals, given the lucrative nature of the business and the global reach of best-selling titles. Capcom’s history as a developer and publisher stretches back to the 1980s.
“Investigation and analysis of this incident took additional time due to the targeted nature of this attack, which was carried out using what could be called tailor-made ransomware, as was covered in some media reports, aimed specifically at the company to maliciously encrypt the information saved on its servers and delete its access logs,” Capcom said Monday.
No credit card information was exposed in the attack, the company said. “All online transactions etc. are handled by a third-party service provider, and as such Capcom does not maintain any such information internally,” the news release said.
The potential North American victims of the breach include about 14,000 accounts on the Capcom Store website, where names, birthdates and email addresses were exposed, the company said.
Capcom said it is working with an unspecified third-party cybersecurity company to investigate the incident. The news release did not describe the exact nature of the attack, but researchers at Sophos said in May that the gang appears to have developed some novel techniques, such as deploying through “a full virtual machine on each targeted device to hide the ransomware from view.”