British games studio Cloud Imperium says data breach compromised players' data

British games studio Cloud Imperium announced this week that it suffered a sophisticated cyber attack that gave hackers access to some users’ personal data as well as data stored in its backup systems.

 

The gaming studio, which develops and markets popular AAA games such as Star Citizen and Squadron 42, said the cyber attack occurred on January 21 and resulted in malicious actors gaining unauthorised access to "some backup systems, including limited access to users’ personal data."

 

"CIG acted quickly to contain the activity and block further access to this data and CIG systems, and we have refreshed security settings to ensure that there is no threat to our games or our users," the games studio said.

 

CIG said the data breach involved unauthorised access to some players’ names, metadata, contact details, usernames and dates of birth, but did not compromise players’ financial or payment information or passwords as the information was not stored in the affected systems.

 

"We are closely monitoring the situation and our systems to ensure that no further incidents occur. We are also taking steps to assess and detect whether any data that was accessed is released publicly. At this stage, there are no indications of any such activity," CIG said.

 

CIG was founded in 2012 as an independent video studio dedicated to delivering AAA games outside the established publisher system. With offices in Los Angeles; Austin, Texas; Frankfurt; and Manchester, the games studio specialises in running an "open development" model, sharing progress and updates with backers and players in real time.

 

The company did not specify whether the hackers encrypted its systems or demanded a ransom in exchange for the stolen data. The company did state that the accessed data was read-only and the malicious actors did not inject or modify the stored data.

 

"We are sharing this update in the interests of transparency. However, we do not anticipate that this incident will have any impact on our users," the company added. 

 

The cyber attack did not have a material impact on real-time gaming, but users took to social media to criticise the company’s delay in reporting the incident and not disclosing the incident on its website’s home page or by email. The company has set up a dedicated page on its website to help players share their concerns or questions about the data security incident.