Capcom admits thousands of gamers could be affected by cyberattack

Zero-day attack
(Image credit: Shutterstock.com)

Video game giant Capcom has revealed that it was recently hit by a ransomware attack that could affect up to 350,000 gamers.

The Japanese video game developer and publisher, which is best known for its Resident Evil, Street Fighter and Monster Hunter franchises, had previously said that there was no indication customer information had been accessed after it suffered a disruptive cyberattack earlier this month.

In a new update though, Capcom confirmed that its servers had been hit by a ransomware attack launched by the RagnarLocker group. The hackers responsible then posted the company's data on their dark-net website along with a message that said that the company didn't “make a right decision and save data from leakage”.

Based on this message, it appears Capcom did not pay RagnarLocker's ransom demands and that the company found another way to restore the encrypted data, possibly by using a cloud backup or disaster recovery service.

Customized ransomware attack

While 350,00 gamers may be affected by the ransomware attack launched against Capcom, the company explained in a press release that no credit card information was accessed by RagnarLocker as all online transactions are handled by a third party service provider, saying:

“None of the at-risk data contains credit card information. All online transactions etc. are handled by a third-party service provider, and as such Capcom does not maintain any such information internally. Because the overall number of potentially compromised data cannot specifically be ascertained due to issues including some logs having been lost as a result of the attack, Capcom has listed the maximum number of items it has determined to potentially have been affected at the present time.”

The information obtained from the ransomware attack includes various combinations of names, addresses, birthdays, phone numbers and email addresses depending on whether the data was obtained from Capcom's Japanese customer support (134,000 items), American Capcom Store (14,000 items) or e-sports organization (4,000 items). Additionally personal data was also captured from former Capcom employees (28,000 people) and applicants who applied to work at the company (125,000 people).

Capcom has notified the ICO in the UK, the Personal Information Protection Commission in Japan as well as local law enforcement regarding the incident. It has also “commissioned a third party security company to inspect system issues stemming from this incident”.

We'll likely find out more regarding the extent of RagnarLocker's ransomware attack on Capcom once it announces the results of this inspection though the company has said that it is safe for gamers to play its games and use its websites.

  • We've also highlighted the best VPN services

Via BBC

Anthony Spadafora

After working with the TechRadar Pro team for the last several years, Anthony is now the security and networking editor at Tom’s Guide where he covers everything from data breaches and ransomware gangs to the best way to cover your whole home or business with Wi-Fi. When not writing, you can find him tinkering with PCs and game consoles, managing cables and upgrading his smart home.