A recent ransomware attack on Capcom may have compromised personal data for approximately 350,000 people, the company says. That information includes names, addresses, birthdates, phone numbers, passport info, “HR information,” and more. It includes individuals across Japan and North America.
In a post on its website, Capcom says it shut down its systems on November 2nd and began investigating. The company then confirmed “a targeted attack against the company using ransomware, which destroyed and encrypted data on its servers” by an organization demanding ransom money. “Because the overall number of potentially compromised data cannot specifically be ascertained due to issues including some logs having been lost as a result of the attack, Capcom has listed the maximum number of items it has determined to potentially have been affected at the present time,” the company says.
Capcom has confirmed nine former and current employees’ personal information has been exposed, while the fate of the larger swath of customer and business partner information remains in question. “Capcom will continue its investigation, beginning with contacting those individuals and other stakeholders whose information it has verified as having been compromised, while continuing to look into what other information was potentially taken,” the company writes. At-risk data does not contain any credit card information, Capcom confirmed.
The company says it will “endeavor to further strengthen its management structure while pursing legal options regarding criminal acts such as unauthorized access of its networks.” Other leaked information for release dates on games like Resident Evil Village has also been reported as part of the hack. Capcom has not verified these details.