Capcom has confirmed that it has been the victim of a recent "customized ransomware attack" on its servers, resulting in the stealing of multiple items of personal information stolen from the company at the start of this month.
In a press release (spotted by Video Games Chronicle) Capcom revealed that the majority of the data taken included the personal information of current and former employees, as well as sales reports and financial information, but also confirmed a possibility of up to a further 350,000 further items compromising of Customer service video game support help desk, Capcom Store members, Esports operations website members, shareholders and former employees' (including family members) information including names, birthdates, phone numbers and email addresses. No credit card info is believed to have been stolen in the attack.
Evidence of the attack was first found on November 2 of this year, and on why it took Capcom so long to confirm it said: "Investigation and analysis of this incident took additional time due to the targeted nature of this attack, which was carried out using what could be called tailor-made ransomware, as was covered in some media reports, aimed specifically at the company to maliciously encrypt the information saved on its servers and delete its access logs. Capcom regrets that this report could not be made sooner than today."
Capcom says that for its part it has begun contacting individuals it has verified whose information has been compromised, as well as reported the incident to the police, GDPR (ICO in the United Kingdom) and the Japanese Personal Information Protection Company. It has also implemented protective software, shut down suspicious transmissions and restructured its servers, and called in a third party security as it continues its investigation.
The company has offered its "sincerest apologies for any complications and concerns that this may bring to is potentially impacted customers as well as its many stakeholders" and is co-operating with law enforcement authorities in Japan and in the US and will continue updating as the investigation progresses. Capcom is also in talks with external security experts to establish an advisory board regarding system security going forward to prevent the incident happening again.