Capcom, the Japanese video games giant that owns popular gaming titles such as Street Fighter, Resident Evil, and Devil May Cry, has confirmed that the Ragnar Locker ransomware attack, that struck its systems in November, compromised the personal data of 390,000 customers, business partners, and other external parties.
The successful Ragnar Locker attack was first revealed by Capcom in early November via a press notification in which the company said the ransomware operators were able to successfully encrypt a large number of files stored in internal servers and subsequently demanded a ransom from the company.
Capcom said at that time that the ransomware attack potentially compromised the personal information of around 350,000 people. Such information included the names, addresses, phone numbers, and email addresses of 134,000 Japanese customers, the names, dates of birth, and email addresses of 14,000 Capcom Store members in North America, the names, email addresses, and gender information of 4,000 Esports website members in North America, and the names, addresses, shareholder numbers, and the quantum of shareholdings of 40,000 shareholders.
The potentially compromised information also included the names, dates of birth, addresses, phone numbers, email addresses, and photos of approximately 28,000 former employees and their family members as well as detailed personal information of approximately 125,000 applicants.
Capcom also feared that the Ragnar Locker hacker group gained access to sales data, business partner information, sales documents, development documents, etc., and human resources information of approximately 14,000 people. However, no payment card data was compromised as all online transactions are handled by a third-party service provider.
Earlier this week, Capcom issued a fresh update with reference to the Ragnar Locker ransomware attack, confirming that the attack compromised the personal information associated with approximately 390,000 people- 40,000 more than it initially estimated.
The list of affected people included approximately 58,000 applicants whose names, addresses, phone numbers, or email addresses were accessed by hackers. However, the company has determined following an investigation that the ransomware attack did not affect 14,000 Capcom Store members in North America or 4,000 Esports website members in the region.
The company said that it is now working with an IT security firm to understand the overall damage caused by the attack and to prevent any reoccurrence, coordinating with law enforcement authorities in Japan and the US, and working towards setting up an Information Technology Security Oversight Committee, which will function as an advisory group on matters related to system security from external security experts.
"Capcom would once again like to reiterate its deepest apologies for any complications or concerns caused by this incident. As a company that handles digital content, it is regarding this incident with the utmost seriousness.
"In order to prevent the reoccurrence of such an event, it will endeavor to further strengthen its management structure while pursuing legal options regarding criminal acts such as unauthorized access of its networks," the company said.