Capcom has published an official update to its investigation on the internal data breach caused by a ransomware attack. It confirmed that personal information from thousands of its employees and business partners got compromised.
While the previous report on November 16, 2020, only confirmed 9 instances of personal information breaches, the new press release added 16,406 more people to that verified list, bringing the total up to 16,415 people. Including the first nine people, the number consisted of 3,248 business partners, 9,169 former employees, and 3,998 active employees.
Capcom still has 390,000 more people, including approximately 58,000 applicants whose data may be potentially compromised. However, it removed 18,000 members from the North American store and esports websites from the potential number, as there was no evidence of data compromise from those sources.
The company once again assured the public that this attack did not compromise credit card information and customer-side networks like web stores and game servers, as they are handled on external servers. Capcom also has since restored most of its internal systems. Currently, the attack should have no effects on the group’s consolidated results for the current fiscal year ending in March 2021.
Capcom’s internal network systems were compromised by ransomware from Ragnar Locker on November 4, 2020. While it didn’t affect the company’s public websites, the attack breached internally stored data, including financial reports and game development documents.