Last week, rumours that suggested Capcom had been the victim of a ransomware attack started doing the rounds. According to the information shared online, the Ragnar Locker ransomware gang had openly revealed that they were the ones behind the attack.
Reportedly, over 1 TB of unencrypted files from Capcom's database were stolen, including corporate networks in Japan, the United States, and Canada — leading Capcom to quickly releas a statement in which they reassured that there was "no indication that any customer information was breached."
It was also revealed that the hacker group was demanding Capcom to pay up to $11 million in bitcoin, or else they would be making the aforementioned unencrypted files public; from banking files to information about clients and personal information, as well as intellectual property.
In an official press release, Capcom has now revealed that over 350,000 items of personal data were stolen from their servers, and these include all kinds of sensitive information that can affect the lives of customers, employees, and even former employees, as addresses and personal data are confirmed to have been stolen.
Video Games Chronicle reports that 134,000 items from Japan customer support, a total of 14,000 items from the North American Capcom Store, and 4,000 items from Capcom's eSports website were stolen; information that includes, as mentioned above, sensitive data like names, addresses, phone numbers, and even photographs.
To make matters worse, as it has also been reported that the data stolen also includes information about job applicants, former employees and their families; up to 153,000 stolen items confirmed.
Stolen information about shareholders, their names, addresses, and shareholdings include over 40,000 items, plus 14,000 items pretaining Human Resources that include confidential information about sales, business partners, and development.
Capcom's statement reads as follows:
"Capcom would once again like to reiterate its deepest apologies for any complications or concerns caused by this incident. As a company that handles digital content, it is regarding this incident with the utmost seriousness. In order to prevent the reoccurrence of such an event, it will endeavor to further strengthen its management structure while pursing legal options regarding criminal acts such as unauthorized access of its networks."
This is indeed concerning, but at least Capcom is doing everything within their reach to tackle the problem this ransomware attack has brought. Unfortunately, it seems that not much can be done about the information that was already stolen, especially because it could affect thousands of Capcom eployees.