Resident Evil developer Capcom has announced a breach that compromised the personal information of employees, and potentially compromised the data of up to 350,000 users.
Video game developer @CapcomUSA_ makes the game ‘Resident Evil’. They’re experiencing that now being a victim of a customized #ransomware attack, potentially including the leak of PII for up to 350,000 people. Could be a $1B ransomware attack. https://t.co/SImAWV2GHF HT @KyleOrl
— Ben Rothke (@benrothke) November 17, 2020
The recent Capcom breach is damaging for them on multiple levels. The loss of customer information, including more than enough data for attackers to craft targeted phishing and social engineering attacks, will both damage their reputation and subject them to data protection regulations. It\’s good that no customer financial information appears to have been stolen. However, the loss of internal corporate and HR data may prove even more damaging than the loss of customer data. Worse, they do not appear to have a full accounting of what was taken due to the attackers destroying internal logs.
This attack is another example of how sophisticated these attacks have become. The attackers exfiltrate data before encryption, which means that even if the victim is able to restore from backup, they may still be subject to extortion over the release of confidential information. The industry will keep improving our defenses, and legislatures will keep adding penalties for organizations that fail to follow best practices, but it will take the international Law Enforcement community cracking down on this type of crime to stem the tide.