Capcom confirms at least 16,000 people affected by Nov. data breach
Back in November, Capcom announced that personal data for up to 350,000 people may have been revealed by a “customized ransomware attack” on its systems. Today, the company announced that the number has grown to 390,000 potential victims, including over 16,000 confirmed to have had their information compromised.
The group of 16,415 people whose personal data was definitely taken is primarily made up of Capcom business partners and current and former employees, who had their name, email address, and other contact information revealed.
Capcom is also now confirming earlier suspicions that company information, including “sales reports, financial information, game development documents, [and] other information related to business partners,” was taken during the attack. Documents matching that description have been circulating around certain corners of the Internet since November.
In addition to the confirmed breaches, Capcom now says that roughly 58,000 job applicants are newly among those potentially affected by the data breach. But Capcom says it “currently does not see evidence for the possibility of data compromise” for about 18,000 people who used the Capcom North America store or participated in Capcom’s North American esports teams.
Capcom is reiterating that individual credit card data—which is handled by a third-party provider—was not at risk in this attack. Capcom also says the affected servers are “unrelated to those systems used when connecting to the internet to play or purchase the company’s games online,” so those who merely play Capcom games shouldn’t have to worry.
“Capcom would once again like to reiterate its deepest apologies for any complications or concerns caused by this incident,” the company writes. “As a company that handles digital content, it is regarding this incident with the utmost seriousness. In order to prevent the reoccurrence of such an event, it will endeavor to further strengthen its management structure while pursing legal options regarding criminal acts such as unauthorized access of its networks.”