Capcom completes hack investigation, with 390,000 people potentially affected

Capcom has said it’s completed an investigation into a large data breach it suffered last year, and claimed that it’s determined that no credit card information was stolen.

The Resident Evil publisher first revealed last November that it had been the victim of a ransomware attack, which saw hundreds of thousands of pieces of personal data stolen from its servers, including the names and addresses of customers and former employees.

The company published an update on Tuesday claiming that none of the data that was at risk included credit card information.

“All online transactions etc. are handled by a third-party service provider on a separate system (not involved in this attack), and as such Capcom does not maintain any such information internally,” the update states.

The new update also reports that the total number of accounts confirmed to definitely have been compromised is 15,649, down 766 from the previous statement.

It has, however, not changed its estimate that the potential maximum number of customers, business partners and other external parties whose personal information may have been compromised in the attack is approximately 390,000 people.

That includes at least 134,000 items from Japan customer support, 14,000 items from the North American Capcom Store and 4,000 items from its Esports website. The information includes names and emails, and in the case of Japan addresses and phone numbers.

“Because a portion cannot specifically be ascertained due to issues including logs having been lost as a result of the attack, Capcom has included the maximum number of individuals whose data was maintained on all potentially compromised servers,” it said.

“Additionally, the company has not been able to confirm any damages, etc. resulting from actual misuse of the compromised information at this point in time.”

As first reported by a media outlet in November, the Resident Evil publisher was targeted by the Ragnar Locker hacker group, which Capcom said had sent it a message earlier the same month demanding money in exchange for data stolen from its servers.

Further reading

Capcom confirms its personal data breach is worse than first thought

16,406 people confirmed compromised; potential total increased to 390,000

At the time, media reports claimed that over 1TB of data had been stolen during the hack and that the hacker group was demanding $11m in bitcoin for return of the files. If no deal were made, then the data would be published or sold, a report by Bleeping Computers claimed.

The company has set up a Japan-only phoneline for individuals who wish to inquire about the personal information that has potentially been compromised (0120-400161). North American and European customers are advised to contact its customer support.