Capcom Found Out Ransomware Actors May Have Stolen 350,000 Files

  • Capcom’s internal investigation is revealing a deep dent in the company’s IT networks.
  • A recent ransomware attack has resulted in the exfiltration of sensitive files, possibly in the hundreds of thousands.
  • The actors demand an $11 million payment in Bitcoin, but it’s unlikely they’ll get anything from the Japanese.

The Capcom internal investigation on the recent ransomware attack they experienced has yielded some bad news for the game maker and the people around it. More specifically, they’ve found that the number of files exfiltrated by the hackers could be up to 350,000, including confidential and sensitive personal information of customers, employees, and contractors.

Here’s what Capcom’s IT has now confirmed as definitely compromised:

  • Personal information of former employees, including names, signatures, addresses, and passports.
  • Personal information of current employees, including HR data, names, and signatures.
  • Sales reports
  • Financial information

The following data may have been stolen, but it’s not certain yet:

  • Japan: Customer service video game support help desk information (approx.134,000 items). Names, addresses, phone numbers, email addresses
  • North America: Capcom Store member information (approx. 14,000 items). Names, birthdates, email addresses
  • North America: Esports operations website members (approx. 4,000 items). Names, email addresses, gender information
  • List of shareholders (approx. 40,000 items). Names, addresses, shareholder numbers, amount of shareholdings
  • Former employee (including family) information (approx. 28,000 people); applicant information (approx. 125,000 people), Names, birthdates, addresses, phone numbers, email addresses, photos, etc.
  • Human resources information (approx. 14,000 people)
  • Confidential corporate information, including sales data, business partner information, sales documents, development documents, etc.

Capcom has already informed ICO in the UK, and the Personal Information Protection Commission in Japan, while the investigation is ongoing. Furthermore, law enforcement action against the actors will be sought in Japan and the United States. At the same time, those who are confirmed as compromised will be offered support in the form of identity protection services.

The ransomware actors that hit Capcom are “Ragnar Locker,” and they demanded the payment of $11 million in Bitcoin, threatening to release the stolen data in public. After ten days passed, the actors followed through on their threat and published samples of the exfiltrated data on their dedicated portal. In total, “Ragnar Locker” claim that they hold 1TB of sensitive data, including a lot more than what Capcom confirms now.

Whether or not Capcom is planning to negotiate the payment with Ragnar Locker now is doubtful. Still, since the Japanese mention law enforcement authorities in their announcement, we assume that they won’t pay a dime.

In the same context, they are playing down the significance of the incident by stating that its effect on the group’s consolidated business results will be negligible. That’s also another way of saying “we won’t pay.”

REVIEW OVERVIEW

Latest

How to Watch Boston Red Sox Games Online Without Cable

The Boston Red Sox are one of the most famous and popular professional sporting franchises, not just in the United States but...

Wimbledon 2022 Live Stream: How to Watch Tennis Online From Anywhere

This week, the top tennis players are preparing to participate in one of the most prestigious tennis tournaments in the world –...

How to Watch Westworld Season 4 Online From Anywhere

The fourth season of your favorite science fiction dystopian TV series is set to premiere soon, and we know you want to...
For a better user experience we recommend using a more modern browser. We support the latest version of the following browsers: For a better user experience we recommend using the latest version of the following browsers: Chrome, Edge, Firefox, Safari