Capcom releases Press Statement on Ransomware attack

  • Facebook
  • Twitter
  • Instagram
  • YouTube

Author:

Jordan Smith

Publish Date:

16 Nov 2020

As you may have seen today Capcom have suffered a ransomware attack. The hacker has taken an abundance of information including information about upcoming releases, unannounced titles, and past titles. We at 3Bit will not be reporting on any of these leaks until it comes from Capcom directly. Today Capcom have released a press statement about the Ransomware attack which initially took place on November 2nd.The Statement confirms what Personal Data has been stollen from Capcom along with what personal information has potentially been stolen. You can check out the full statement below which comes directly from the Capcom website.

Capcom Co., Ltd. (Capcom) announced that it has been the victim of a customized ransomware attack following unauthorized access to its network and has verified that some personal information maintained by the Capcom Group has been compromised. Further, the company also stated that it has confirmed the possibility that additional personal and corporate information may have been compromised in this attack, which is listed in "2. Potentially compromised data" below. At present, its content development and business are operating without impediment. Capcom offers its sincerest apologies for any complications and concerns that this may bring to its potentially impacted customers as well as to its many stakeholders. As there is an ongoing investigation in place, it is possible that new facts may come to light going forward. Below is a general summary of what has been confirmed at this point in time (as of November 16, 2020). 1. Information verified to have been compromised i. Personal information: 9 items • Personal information of former employees: 5 items (Name & signature: 2 items; name & address: 1 item; passport information: 2 items) • Personal information of employees: 4 items (Name and HR information: 3 items; name & signature: 1 item) ii. Other information • Sales reports • Financial information

2. Potentially compromised data i. Personal information (customers, business partners, etc.): maximum of approx. 350,000 items • Japan: Customer service video game support help desk information (approx.134,000 items) Names, addresses, phone numbers, email addresses • North America: Capcom Store member information (approx. 14,000 items) Names, birthdates, email addresses • North America: Esports operations website members (approx. 4,000 items) Names, email addresses, gender information • List of shareholders (approx. 40,000 items) Names, addresses, shareholder numbers, amount of shareholdings • Former employees' (including family) information (approx. 28,000 people); applicants' information (approx. 125,000 people) Names, birthdates, addresses, phone numbers, email addresses, photos, etc. ii. Personal information (employees and related parties) • Human resources information (approx. 14,000 people) iii. Confidential corporate information • Sales data, business partner information, sales documents, development documents, etc. None of the at-risk data contains credit card information. All online transactions etc. are handled by a third-party service provider, and as such Capcom does not maintain any such information internally. Because the overall number of potentially compromised data cannot specifically be ascertained due to issues including some logs having been lost as a result of the attack, Capcom has listed the maximum number of items it has determined to potentially have been affected at the present time.

3. Support for individuals whose personal information has been confirmed to have been compromised and those whose information has potentially been compromised i. Action addressing personal or corporate information confirmed to have been compromised Capcom has begun contacting individuals whose information it has verified to have been compromised to explain the background of this incident and current situation. ii. Action addressing potentially compromised personal information Capcom is continuing the investigation into information that has potentially been taken or compromised. For individuals who wish to inquire about personal information that has potentially been compromised, please contact the following support desks in your country or region: Japan: Capcom Data Security Incident Support Line (Japanese only) Tel. (toll-free): Game customer inquiries 0120-400161 General inquiries 0120-896680 Hours: 10:00 AM - 08:00 PM North America: Capcom USA Customer Support Page www.capcom.com/support EMEA: Capcom Europe Customer Support feedback@capcom.com 4. Detection and action taken i. • In the early morning hours of November 2, 2020 after detecting connectivity issues with its internal network, Capcom shut down its systems and began investigating the situation. • Capcom confirmed that this was a targeted attack against the company using ransomware, which destroyed and encrypted data on its servers. • The company discovered a message from a criminal organization that calls itself Ragnar Locker, and after ascertaining that ransom money was being demanded, contacted the Osaka Prefectural Police. • On November 4, 2020 the company issued the following press release: "Notice Regarding Network Issues due to Unauthorized Access." • On November 12, 2020, Capcom verified that nine items of personal information and some corporate information had been compromised. • In addition to these confirmed nine items, the company continued its investigation into the scope of potentially compromised information, making a public disclosure of this on November 16, 2020 (this release). Investigation and analysis, etc., of this incident took additional time due to issues such as the information saved on servers being encrypted and access logs being deleted in the attack. ii. At this point, Capcom has reported the occurrence of network issues to the supervisory authority under GDPR (ICO in the United Kingdom), and the Personal Information Protection Commission (Japan). iii. The company implemented protective software, shut down all suspicious transmissions, and carried out reconstruction of the servers. It is carrying out an ongoing investigation into the information that had been saved in each of its departments based on the servers it has recovered. iv. The company has already commissioned a third-party security company to inspect system issues stemming from this incident. Capcom plans to announce the results of this inspection separately, when available. v. Further, the company has arranged a structure of reporting and consultation with a major software company, a major security specialist vendor and law offices with extensive knowledge of system security. Capcom will continue its investigation, beginning with contacting those individuals and other stakeholders whose information it has verified as having been compromised, while continuing to look into what other information was potentially taken. Investigation and analysis of this incident took additional time due to the targeted nature of this attack, which was carried out using what could be called tailor-made ransomware, as was covered in some media reports, aimed specifically at the company to maliciously encrypt the information saved on its servers and delete its access logs. Capcom regrets that this report could not be made sooner than today. The company asks that everyone potentially affected by this incident practice an abundance of caution, looking out for any suspicious packages received by mail or messages that could potentially be received. 5. Measures going forward i. Capcom will continue coordinating with law enforcement authorities in Japan and the U.S., and also give timely reports to and receive advice from the institutions responsible for the protection of personal information in each country. ii. As stated above, the company is coordinating with parties such as a major IT security specialist company to work toward understanding the overall damage caused by the attack and preventing any reoccurrence. iii. Capcom is in discussions with external security experts. It plans to newly establish an advisory board regarding system security working towards preventing any reoccurrence. Additionally, it is safe for Capcom customers or others to connect to play the company's games online and access its websites. Presently, while the company believes that any effect from this incident on the Capcom Group's consolidated business results (for the fiscal year ending March 31, 2021) will be negligible, the company will swiftly make an announcement in the case that any further disclosure is necessary. Capcom would once again like to reiterate its deepest apologies for any complications or concerns caused by this incident. As a company that handles digital content, it is regarding this incident with the utmost seriousness. In order to prevent the reoccurrence of such an event, it will endeavor to further strengthen its management structure while pursing legal options regarding criminal acts such as unauthorized access of its networks.

Support 3-Bit - It takes 2 Minutes:

Its the people who support us who enable us to keep 3-Bit alive. If you've enjoyed the content from this article and want to see more, please support us by following us on social media. The banner here will allow you to get directly to our pages without closing this page! Thank you

- The 3-Bit Team

More News and Latest Highlights

3-Bit Logo 2.png
It is time to get clean in Janitor Bleeds

05/04/22, 16:00

It is time to get clean in Janitor Bleeds

What do You See In The Mirror Forge

30/03/22, 16:00

What do You See In The Mirror Forge

PlayStation  Reveals A New Subscription Service For Games

29/03/22, 14:00

PlayStation Reveals A New Subscription Service For Games

Lets Go Camping with Camping Builder

22/03/22, 17:30

Lets Go Camping with Camping Builder

Zoeti A Royal Flush In The Making

18/03/22, 17:00

Zoeti A Royal Flush In The Making

Diplomacy Is Not An Option

10/02/22, 15:30

Diplomacy Is Not An Option

Who Watches the Watcher In Newly Released Watcher Chronicles

10/02/22, 14:30

Who Watches the Watcher In Newly Released Watcher Chronicles

Hidden Deep  A Claustrophobic nightmare

01/02/22, 15:30

Hidden Deep A Claustrophobic nightmare

PlayStation Strike Back With new Acquisition

01/02/22, 12:30

PlayStation Strike Back With new Acquisition

The West Is Getting Weird

26/01/22, 15:30

The West Is Getting Weird

Editors Picks Best of 2021

31/12/21, 14:30

Editors Picks Best of 2021

White Shadows Takes Us Into A World Of Monochrome

14/12/21, 14:30

White Shadows Takes Us Into A World Of Monochrome

Exclusive First Look At Kotor Remake

01/04/22, 05:00

Exclusive First Look At Kotor Remake

Are you Ready For Your last Visit

29/03/22, 16:30

Are you Ready For Your last Visit

Gran Turismo To Bring More Fixes In April

25/03/22, 13:30

Gran Turismo To Bring More Fixes In April

The Witcher Is Returning Here Is What We Know

22/03/22, 18:30

The Witcher Is Returning Here Is What We Know

The Last Defence Comes to PC next Month!

17/02/22, 09:00

The Last Defence Comes to PC next Month!

Kingdom Of The Dead Releases Today

10/02/22, 15:00

Kingdom Of The Dead Releases Today

This Means Warp To be Published By Jagex

03/02/22, 15:30

This Means Warp To be Published By Jagex

Why I Cannot Wait For Kardboard Kings

01/02/22, 14:30

Why I Cannot Wait For Kardboard Kings

EA Plans to release 3 New Star Wars games

26/01/22, 16:30

EA Plans to release 3 New Star Wars games

Xbox To Acquire ActiBliz The 3Bit Take

19/01/22, 16:30

Xbox To Acquire ActiBliz The 3Bit Take

Breakwaters A Titan of a survival game

16/12/21, 17:00

Breakwaters A Titan of a survival game

Star Wars Eclipse Enters The High republic

10/12/21, 15:30

Star Wars Eclipse Enters The High republic