Facepalm: Earlier this month, Capcom revealed that hackers breached its "internal network." At the time, the game maker said that no customer data was exposed. However, that was apparently not the case.
Capcom is now reporting that the November 2 internal network breach was a "customized ransomware attack." It says that contrary to its initial statement, some customer and corporate data was compromised. It estimated that about 350,000 users and employees might be affected.
"Because the overall number of potentially compromised data cannot specifically be ascertained due to issues including some logs having been lost as a result of the attack, Capcom has listed the maximum number of items it has determined to potentially have been affected at the present time," the company said.
Capcom confirms that a total of five former and four current employees' personal information was exposed, including names, signatures, addresses, passport information, and HR records. It also indicated that the attacker obtained corporate sales reports and other financial information.
The bad actors may also have gained access to around 151,000 help desk clients, Capcom Store patrons, and esports website members data. The cache of potentially exposed information contains customer and partner names, addresses, phone numbers, email addresses, birthdates, and gender information.
Additionally, a list of around 40,000 shareholders, 28,000 former employees, and 125,000 employee applicants may have been subject to the attack with similar information exposed. Capcom is currently investigating the matter and has not confirmed that attackers accessed this larger data cache.
"Capcom offers its sincerest apologies for any complications and concerns that this may bring to its potentially impacted customers as well as to its many stakeholders. As there is an ongoing investigation in place, it is possible that new facts may come to light going forward."
The company apologized for the security failure but reassures customers that the breach did not expose any credit card information. Capcom outsources transactions to a third-party vendor, so payment details are not kept on company servers.
Image credit: InfantryDavid