Capcom provides update on ransomware attack, confirms more personal data was compromised

A total of 16,415 people have been confirmed to have had their information accessed.

Image via Capcom

Capcom has provided several updates over the last few months about a ransomware attack that the company suffered back in November, which has now led to the confirmation of 16,415 people’s personal information being compromised. 

The initial attack took place on Nov. 2 when an organization called Ragnar Locker managed to gain unauthorized access to Capcom’s internal network and proceeded to demand ransom money while leaking internal details such as upcoming game releases. 

Since then, the Capcom Group has been investigating the breach and found more compromised information. Before this most recent update, the company was only able to confirm that nine current and former employees had their information accessed during the attack while saying a max of 350,000 people could be impacted. 

With today’s update, Capcom confirms that 16,415 people have had their names, email addresses, phone numbers, and additional information accessed. That breakdown includes 9,164 former employees, 3,994 current employees, and 3,248 business partners. 

Capcom has once again said that none of the at-risk data contains credit card information because the company uses a third-party service to complete online transactions and doesn’t maintain any of that information internally. 

The company has also raised the maximum number of people that could have been potentially affected from 350,000 to 390,000, with investigations still ongoing. 

“Capcom would once again like to reiterate its deepest apologies for any complications or concerns caused by this incident,” Capcom said. “As a company that handles digital content, it is regarding this incident with the utmost seriousness. In order to prevent the reoccurrence of such an event, it will endeavor to further strengthen its management structure while pursing legal options regarding criminal acts such as unauthorized access of its networks.”