Last November, Capcom suffered a cyber “ransomware” attack in which 16,415 individuals had their information accessed and compromised via the company’s internal servers.
And in a new report from the Japanese Business Journal, an anonymous internal report alleges that the company forced employees to work from its physical office despite the government asking Osaka—where Capcom’s main headquarters is located—and Kyoto residents to try and work from home due to a rise in COVID-19 cases.
The Business Journal was provided what looks to be an internal email from Capcom to its employees that said the company would be “abandoning the remote network” and deciding there is “no choice but to come to work.” This decision was made specifically because of the damages caused by the ransomware attack.
This, according to the Business Journal’s original source, led to a lot of employees worrying about their health and job security since part of Capcom’s messaging basically told the workers that anyone who disagreed or complained with the orders would face potential employment restrictions. One employee even said that, in some cases, workers seemed like they were being urged to retire.
The Business Journal pointed out that this positioning isn’t uncommon for Capcom. Flexible work hours and other benefits reportedly heavily depend on an employee’s position within the company and the developer/publisher doesn’t allow a worker’s labor union.
Capcom did respond to the Business Journal’s request for comment, saying that the company is “committed to the health and safety of employees” and has taken precautions to follow proper protocols to keep everyone safe. This includes staggering work hours and implementing a mask requirement, temperature check, and social distancing within the office.
The company also responded to questions about potential unionization, noting that there’s work being done to “comply with relevant laws and regulations regarding the establishment and joining of labor unions by employees.” No further details were shared.
The initial attack took place on Nov. 2 when an organization called Ragnar Locker managed to gain unauthorized access to Capcom’s internal network and proceeded to demand ransom money while leaking internal details, such as upcoming game releases.
Following that attack, the Capcom Group launched an internal investigation surrounding the breach, confirming that at least 16,415 people had their names, email addresses, phone numbers, and additional information accessed. That breakdown includes 9,164 former employees, 3,994 current employees, and 3,248 business partners.
Capcom did confirm that none of the at-risk data contains credit card or payment information because the company uses a third-party service to complete online transactions and doesn’t maintain any of that information internally.
