Following the news, security experts have been commenting on the incident:
Lewis Jones, Threat Intelligence Analyst at Talion:
“This was one of the biggest Ransomware attacks of 2020, with an estimated 390,000 users affected. The fact it has taken Capcom nearly 6 months to restore its systems and fully investigate the attack is a warning for organisations across the world that Ransomware should be taken seriously. Despite this, Capcom state that whilst a ransom demand was made it never communicated with the attackers and didn’t pay the demand. Therefore it is expected that the breached data could be made public, if not already.
Interestingly, the company confirmed that the attackers targeted an “older backup VPN” which remained in use due to increased demand arising from the Covid-19 pandemic. This highlights the importance of organisations patching against vulnerabilities and keeping systems up to date.
The company does appear to have managed the situation as well as possible in terms of keeping customers up to date with regular statements and set up a Japan-only phoneline for individuals who wish to inquire about the personal information that has potentially been compromised (0120-400161). North American and European customers are advised to contact its customer support.
Capcom has now confirmed that no credit card details have been breached; however, a large number of former staff and customer details have been stolen. For customers of Capcom who may be affected by the breach, be cautious and act as if your personal details have been breached until notified otherwise. Be alert to incoming texts, calls and emails utilising the information shared in this incident from unknown sources demanding further personal information or payment. Also, consider the password you utilise for this account, if this has ..