“None of the at-risk data contains credit card information,” they stated. “All online transactions etc. are handled by a third-party service provider, and as such Capcom does not retain any such information internally.”
The attack took place on November 2. Stolen information was ransomed by the hackers, but the company decided not to pay the demanded sum, in accordance with law enforcement advice. Now the incident’s impact appears to be larger than originally believed.
Sales reports and other financial information are among the items confirmed stolen, though Capcom admits it’s struggling to confirm more, since some of its own logs were damaged or lost in the attack. They also believe that personal info such as names, addresses, and email addresses may have been obtained from Japanese customer service help desk users, as well as North American Capcom Store and eSports operations website users. Furthermore, development documents and human resources information on employees and their families may be included.
Individuals will be contacted as Capcom verifies the theft of their data and works with law enforcement authorities.