Capcom has confirmed an attack which crippled its systems earlier this month was a customised ransomware attack and may have compromised the personal details of up to 350,000 individuals.
The Japanese video games developer detected a security breach that affected its internal file and email systems on 2 November, when some of the company’s networks experienced issues that limited employee access to Capcom systems.
It’s since become clear the company was targeted by a group called Ragnar Locker, which destroyed and encrypted data on its servers. Capcom approached the police and began an internal investigation to understand the full scale of the attack.
Further information now confirms anxieties that personal information, employees’ data, and sensitive corporate material was compromised during the incident, with up to 350,000 individuals affected.
“Investigation and analysis of this incident took additional time due to the targeted nature of this attack, which was carried out using what could be called tailor-made ransomware, as was covered in some media reports, aimed specifically at the company to maliciously encrypt the information saved on its servers and delete its access logs,” the company said.
“Capcom regrets that this report could not be made sooner than today. The company asks that everyone potentially affected by this incident practice an abundance of caution, looking out for any suspicious packages received by mail or messages that could potentially be received.”
The personal information of former employees compromised includes their names and signatures, addresses and passport information, while the personal information of current employees includes name and HR information, as well as name and signature. Other information stolen includes sales reports and financial data.
Among the confidential corporate information compromised in the hack, the company’s sales data, business partner information, sales documentation, and development documents, were among the items accessed.
None of the at-risk data contained credit card information since all online transactions are handled by a third-party service provider. Capcom, as such, doesn’t hold such information itself. The exact number of people affected, meanwhile, cannot be determined as some of the logs were lost in the attack, so the company offered the maximum number of individuals potentially affected.
RELATED RESOURCE
The business guide to ransomware
Everything you need to know to keep your company afloat
To mitigate the effects, the company has installed protective software onto its systems, shut down suspicious transmissions, and carried out a reconstruction of its servers. Capcom has also commissioned a third-party security firm to inspect system issues stemming from the incident, the results of which will be published separately.
The firm has also arranged a structure of reporting and consulting with a major software company, security specialist vendor and law offices with extensive knowledge of security.
06/11/2020: Games company Capcom hit by cyber attack
Japanese games developer Capcom has suffered a security breach that affected its internal file and email systems, the company has revealed.
Famous for video games such as “Resident Evil” and “Street Fighter”, Capcom said it first noticed problems in the early hours of 2 November, when some of the Capcom Group networks experienced issues that limited access to certain systems, including email and file servers.
The company has confirmed that this was due to "unauthorised access carried out by a third party" and that it has "halted some operations of its internal networks as of November 2".
Capcom has not said who was behind the attack or how they managed to breach its systems. It added that, at present, “there is no indication that any customer information was breached”.
“This incident has not affected connections for playing the company's games online or access to its various websites,” the statement added. It also said that the company is now cooperating with law enforcement agencies “as well as other related authorities while both carrying out an investigation and taking measures to restore its systems”.
According to reports from Bleeping Computer, Capcom may have been the victim of a ransomware attack as the publication was able to access a ransom note created on Capcom's computers during the attack.
In a separate announcement, Capcom warned that it was not in a position to respond to contact requests made through its investor relations form.
“We are currently unable to reply to inquiries and/or to fulfill requests for documents via this form following the network issues that began November 2, 2020,” said Capcom.
-
Cleo attack victim list grows as Hertz confirms customer data stolenNews Hertz has confirmed it suffered a data breach as a result of the Cleo zero-day vulnerability in late 2024, with the car rental giant warning that customer data was stolen.
-
Lateral moves in tech: Why leaders should support employee mobilityIn-depth Encouraging staff to switch roles can have long-term benefits for skills in the tech sector
-
Cleo attack victim list grows as Hertz confirms customer data stolen – and security experts say it won't be the last
News Hertz has confirmed it suffered a data breach as a result of the Cleo zero-day vulnerability in late 2024, with the car rental giant warning that customer data was stolen.
-
‘Phishing kits are a force multiplier': Cheap cyber crime kits can be bought on the dark web for less than $25 – and experts warn it’s lowering the barrier of entry for amateur hackersNews Research from NordVPN shows phishing kits are now widely available on the dark web and via messaging apps like Telegram, and are often selling for less than $25.
-
Healthcare systems are rife with exploits — and ransomware gangs have noticedNews Nearly nine-in-ten healthcare organizations have medical devices that are vulnerable to exploits, and ransomware groups are taking notice.
-
Alleged LockBit developer extradited to the USNews A Russian-Israeli man has been extradited to the US amid accusations of being a key LockBit ransomware developer.
-
February was the worst month on record for ransomware attacks – and one threat group had a field dayNews February 2025 was the worst month on record for the number of ransomware attacks, according to new research from Bitdefender.
-
CISA issues warning over Medusa ransomware after 300 victims from critical sectors impactedNews The Medusa ransomware as a Service operation compromised twice as many organizations at the start of 2025 compared to 2024
-
Warning issued over prolific 'Ghost' ransomware groupNews The Ghost ransomware group is known to act fast and exploit vulnerabilities in public-facing appliances
-
The Zservers takedown is another big win for law enforcementNews LockBit has been dealt another blow by law enforcement after Dutch police took 127 of its servers offline
