Capcom confirms data breach after gamers' data stolen in cyberattack

Japanese game giant Capcom has announced a data breach after confirming that attackers stole sensitive customer and employee information during a recent ransomware attack.

If you grew up going to arcades or playing video games, then Capcom is instantly recognizable as the developer of well-known game franchises, including Street Fighter, Resident Evil, Ghosts and Goblins, Devil May Cry, and Mega Man.

On November 2nd, 2020, Capcom was hit with a cyberattack that led to them shutting down portions of their network to halt the infection's spread.

It was soon learned that the Ragnar Locker ransomware operation caused Capcom's cyberattack after a security researcher found a sample of the malware used in their attack.

While almost all human-operated ransomware operations steal unencrypted files before encrypted devices as a double-extortion strategy, Capcom stated there was no indication that any data was stolen.

"Further, it stated that at present there is no indication that any customer information was breached," Capcom stated in a November 4th press release.

However, their statement contradicted stolen data samples seen by BleepingComputer and published by Ragnar Locker on their website and ransom note.

Capcom discloses data breach

In a data breach notification released today, Capcom has admitted that not only has confidential corporate documents been stolen, but that the threat actors stole customers' and employees' data as well.

During the attack, the hackers gained access to customers' names, addresses, gender, phone numbers, email addresses, birth dates, investor names, and amount of shareholdings, and photos.

For employees, the information exposed could include names, addresses, passport information, signatures, birth dates, phone numbers, photos, email addresses, and more.

The full list of stolen information is below:

Capcom states that no credit card information or payment transactions were accessed as they are processed by a third-party service provider.

What should Capcom users do?

It does not appear that account logins and passwords were accessed during this attack, but there was enough sensitive information exposed that affected people should be concerned.

In particular, threat actors could use this information in targeted phishing attacks that attempt to steal further sensitive information from employees and customers.

Therefore, if you receive an email stating it's from Capcom asking you for sensitive information, be suspicious of it and confirm that it is valid first.

To be safe, BleepingComputer also suggests that you change your Capcom password and make sure it is not used at any other site. While it does not appear that the attackers gained access to user databases, changing your password is an easy task that can save you a lot of headaches in the future.