At the start of November, Capcom was the victim of a ransomware attack, purportedly undertaken by an organization called Ragnar Locker. Their statement at the time confirmed only nine active and or former employees had their information exposed. Now, it seems that number has been revised upward.
A statement released yesterday by the publisher has indicated that over 16,000 employees, business partners, and related individuals are confirmed to have had their information exposed by the hack. When the attack was initially reported on by Capcom, they speculated that there was a potential for up to 350,000 individuals to have been affected. This latest update has pushed that estimate to 390,000. There was no credit card related information, as Capcom apparently relied on third-party processors for those functions and does not retain any data from those transactions. And it does not appear to have touched any information relating to player accounts of any sort.
In their latest statement, the company apologized again to the affected individuals. "Capcom would once again like to reiterate its deepest apologies for any complications or concerns caused by this incident," they wrote. "As a company that handles digital content, it is regarding this incident with the utmost seriousness. In order to prevent the reocurrence of such an event, it will endeavor to further strengthen its management structure while pursing legal options regarding criminal acts such as unauthorized access of its networks."
Food For Thought
The process of identifying who may or may not have been affected by a data breach is not exactly quick. Capcom does seem to be taking its time, and the number of potential individuals being increased suggests that the ransomware attack was far worse than what was initially suspected. That said, Capcom clearly recognizes that they need to harden their internal systems and they appear to be working towards that goal. While it may be impossible to have perfect security, the problems that have been revealed by this incident are certainly correctable.