Capcom Co., Ltd., the Japanese video game company known for Street Fighter and Resident Evil, has confirmed the compromise of personally identifiable information (PII) associated with over 350,000 customers, business partners, and employees of the gaming giant. The data was exfiltrated in a ransomware attack.
In a press release, Capcom announced that it was successfully breached in “a customized ransomware attack following unauthorized access” and that “some personal information maintained by the Capcom Group has been compromised.” The November 16 communiqué added that “additional personal and corporate information may have been compromised in this attack.”
Capcom initially reported that it experienced a cyberattack November 4 that caused it to pull some of its services offline, but downplayed the overall severity of the event, claiming that there had been “no indication” that customer information was accessed.
The attack has since become more clear, and the Ragnar Lock strain of ransomware has been identified as the malware used.
The information compromised is sensitive. It includes the names, signatures, passport information, and financial information of roughly 150,000 Capcom current and former employees and job applicants.
The names, addresses, phone numbers, and email addresses of roughly 200,000 customers and shareholders in Japan and North America were also potentially exposed.
“Capcom will continue its investigation, beginning with contacting those individuals and other stakeholders whose information it has verified as having been compromised, while continuing to look into what other information was potentially taken,” the company announced, while apologizing for the incident.