Street Fighter maker Capcom hit by hack compromising personal data of gamers

Street Fighter
Street Fighter
13:47pm, Mon 16 Nov 2020
CBAD8A00-D2B9-4E0E-ADDF-D0366C357A34 Created with sketchtool. E9A4AA46-7DC3-48B8-9CE2-D75274FB8967 Created with sketchtool. 65CCAE04-4748-4D0F-8696-A91D8EB3E7DC Created with sketchtool.

Thousands of gamers have been warned their personal details may have been stolen in a hack affecting Japanese gaming giant Capcom

The firm, famed for franchises including Street Fighter and Resident Evil, said it had been victim of a ransomware attack which started at the beginning of November.

Up to 350,000 items of information could have been obtained by hackers, not only belonging to customers but also shareholders and former employees of the company.

Data included a mix of names, addresses, phone numbers, email addresses and birthdates, but Capcom said no credit card information was taken.

So far, investigations by the firm have only been able to verify that nine people’s information was definitely compromised, all of whom were current or former employees.

Capcom offers its sincerest apologies for any complications and concerns that this may bring to its potentially impacted customers as well as to its many stakeholders

Early indications suggest that only data held in Japan and the US were affected.

Capcom said a criminal organisation called Ragnar Locker was behind the breach, which “destroyed and encrypted data on its servers”.

As is the case in ransomware attacks, perpetrators demanded ransom money from Capcom to restore their systems.

Capcom did not confirm whether or not it met Ragnar Locker’s demands, though firms are told never to pay hackers.

The incident has been reported to the UK’s Information Commissioner Office (ICO) watchdog which deals with GDPR issues, as well as Japan’s Personal Information Protection Commission.

“Capcom offers its sincerest apologies for any complications and concerns that this may bring to its potentially impacted customers as well as to its many stakeholders,” the company said in a statement.

“As a company that handles digital content, it is regarding this incident with the utmost seriousness.

“In order to prevent the reoccurrence of such an event, it will endeavour to further strengthen its management structure while pursing legal options regarding criminal acts such as unauthorised access of its networks.”

Sign up to our newsletter