Read an update from pushsquare and Capcom's Website:
The one underlying positive is that the publisher is confident no credit card numbers have been exposed, but this is still enormously damaging for the organisation. Unannounced plans – such as the existence of a new Ace Attorney collection for the PlayStation 4, as well as a tentative April 2021 release date for Resident Evil: Village – have also emerged online.
In fact, so comprehensive is this leak that we also now know Sony paid $5 million for Resident Evil VII: Biohazard’s exclusive PlayStation VR mode, while Google coughed up $10 million to get the survival horror series on Stadia. The worry is that the worst is yet to come, as BBC News reports that Capcom has not paid the ransom fee to retrieve the data.
Capcom's update statement:
Capcom Co., Ltd. (Capcom) announced that it has been the victim of a customized ransomware attack following unauthorized access to its network and has verified that some personal information maintained by the Capcom Group has been compromised.
Further, the company also stated that it has confirmed the possibility that additional personal and corporate information may have been compromised in this attack, which is listed in "2. Potentially compromised data" below. At present, its content development and business are operating without impediment.
Capcom offers its sincerest apologies for any complications and concerns that this may bring to its potentially impacted customers as well as to its many stakeholders.
As there is an ongoing investigation in place, it is possible that new facts may come to light going forward. Below is a general summary of what has been confirmed at this point in time (as of November 16, 2020).
1. Information verified to have been compromised
i. Personal information: 9 items
- Personal information of former employees: 5 items
(Name & signature: 2 items; name & address: 1 item; passport information: 2 items)
- Personal information of employees: 4 items
(Name and HR information: 3 items; name & signature: 1 item)
ii. Other information
- Sales reports
- Financial information
2. Potentially compromised data
i. Personal information (customers, business partners, etc.): maximum of approx. 350,000 items
- Japan: Customer service video game support help desk information (approx.134,000 items)
Names, addresses, phone numbers, email addresses
- North America: Capcom Store member information (approx. 14,000 items)
Names, birthdates, email addresses
- North America: Esports operations website members (approx. 4,000 items)
Names, email addresses, gender information
- List of shareholders (approx. 40,000 items)
Names, addresses, shareholder numbers, amount of shareholdings
- Former employees' (including family) information (approx. 28,000 people);
applicants' information (approx. 125,000 people)
Names, birthdates, addresses, phone numbers, email addresses, photos, etc.
ii. Personal information (employees and related parties)
- Human resources information (approx. 14,000 people)
iii. Confidential corporate information
- Sales data, business partner information, sales documents, development documents, etc.
None of the at-risk data contains credit card information. All online transactions etc. are handled by a third-party service provider, and as such Capcom does not maintain any such information internally.
Because the overall number of potentially compromised data cannot specifically be ascertained due to issues including some logs having been lost as a result of the attack, Capcom has listed the maximum number of items it has determined to potentially have been affected at the present time.
3. Support for individuals whose personal information has been confirmed to have been compromised and those whose information has potentially been compromised
i. Action addressing personal or corporate information confirmed to have been compromised
Capcom has begun contacting individuals whose information it has verified to have been compromised to explain the background of this incident and current situation.
ii. Action addressing potentially compromised personal information
Capcom is continuing the investigation into information that has potentially been taken or compromised.
For individuals who wish to inquire about personal information that has potentially been compromised, please contact the following support desks in your country or region: