Capcom has provided an update on the ransomware attack it suffered earlier this month, saying that sales and financial information has been compromised, and that 350,000 pieces of personal information may also have been stolen. Rumours have begun to spread about information for unannounced games being included in the stolen data.
In an update on its investors website, the company says that an investigation is ongoing, but explained that, as of November 16, it could confirm that sales reports, financial information, and nine employees’ personal information had been compromised.
Less certain is personal information for customers and business partners, as logs appear to have been lost during the attack. Capcom says up to 350,000 records for addresses, phone numbers, email addresses, birthdates and more may have been compromised, but explained that none of the potentially stolen data includes credit card information. You can see the full list of compromised and potentially compromised data at the bottom of this story.
Capcom says it’s begin contacting anyone whose personal information has been confirmed as compromised, and says anyone who wants to inquire about their own information should contact their region’s Capcom customer support service.
The statement comes amid new rumours about the contents of that hack. Stemming from a now-locked 4Chan post, some claiming access to the stolen files have said that, among sales and financial data, the hack includes details of titles scheduled for the coming fiscal year, including PC ports for the upcoming Monster Hunter Rise and Monster Hunter Stories 2, an Oculus VR version of Resident Evil 4, unannounced games with codenames, and more. IGN has not been able to verify any of these rumours as of yet.
We’ve contacted Capcom for comment on both the hack itself, and the rumours, but received no reply at time of writing.
Capcom’s full list of compromised and potentiall compromised data follows:
1. Information verified to have been compromised
i. Personal information: 9 items
Personal information of former employees: 5 items
(Name & signature: 2 items; name & address: 1 item; passport information: 2 items)
Personal information of employees: 4 items
(Name and HR information: 3 items; name & signature: 1 item)
ii. Other information
2. Potentially compromised data
i. Personal information (customers, business partners, etc.): maximum of approx. 350,000 items
Japan: Customer service video game support help desk information (approx.134,000 items)
Names, addresses, phone numbers, email addresses
North America: Capcom Store member information (approx. 14,000 items)
Names, birthdates, email addresses
North America: Esports operations website members (approx. 4,000 items)
Names, email addresses, gender information
List of shareholders (approx. 40,000 items)
Names, addresses, shareholder numbers, amount of shareholdings
Former employees’ (including family) information (approx. 28,000 people);
applicants’ information (approx. 125,000 people)
Names, birthdates, addresses, phone numbers, email addresses, photos, etc.
ii. Personal information (employees and related parties)
Human resources information (approx. 14,000 people)
iii. Confidential corporate information
Sales data, business partner information, sales documents, development documents, etc.
None of the at-risk data contains credit card information. All online transactions etc. are handled by a third-party service provider, and as such Capcom does not maintain any such information internally.
Because the overall number of potentially compromised data cannot specifically be ascertained due to issues including some logs having been lost as a result of the attack, Capcom has listed the maximum number of items it has determined to potentially have been affected at the present time.