Capcom has concluded its investigation into the November 2020 ransomware attack that saw numerous data being leaked about its employees and upcoming projects.
The news come via a lengthy statement published on their official website, confirming that its internal systems are almost completely restored, and that they have established a new Technology Security Oversight Committee to strengthen its security. Most notably, they have re-confirmed that no credit card information or systems related to game purchases were affected by the breach.
As described in previous announcements, none of the at-risk data contains credit card information. All online transactions etc. are handled by a third-party service provider on a separate system (not involved in this attack), and as such Capcom does not maintain any such information internally.
Additionally, the areas that were impacted in the incident are unrelated to those systems used when connecting to the internet to play or purchase the company’s games online, which utilized and continue to utilize either an external third-party server or an external server (not involved in this attack). As such, these systems were outside the scope of the incident, and it remains safe for Capcom customers or others to connect to the internet to play or purchase the company’s games online.
Following this investigation, Capcom has revealed that the root cause was an outdated backup VPN located in the California office. This backup VPN was intended to be a reserve in case of communication issues during the COVID-19 pandemic, but was exploited by the hackers to gain access to Capcom’s systems. This VPN device has since been removed.
As a conclusion to the incident, Capcom had this to say:
Capcom would once again like to reiterate its deepest apologies for any complications or concerns caused by the incident. As a company that handles digital content, it is treating this incident with the utmost seriousness, and will take the appropriate action to address any requests or directions provided by law enforcement and other relevant authorities in each country. At the same time, Capcom will endeavor to further strengthen its management structure while coordinating with the relevant organizations to pursue its legal options regarding criminal acts.
What do you think? Let us know in the comments.