Capcom has issued a statement saying that as many as 350,000 "items" of personal information, including names, addresses, phone numbers, and email addresses may have been compromised in a hack of its internal systems that occurred earlier this month. The company said initially that there was "no indication that any customer information was breached," but further investigation has revealed that this is not actually the case.
Only nine pieces of personal information have been verified as compromised, five belonging to former employees and four to current employees. The numbers for "potentially compromised data" are much greater, however. Capcom broke it down like this:
Personal information (customers, business partners, etc.): maximum of approx. 350,000 items
- Japan: Customer service video game support help desk information (approx.134,000 items)
Names, addresses, phone numbers, email addresses
- North America: Capcom Store member information (approx. 14,000 items)
Names, birthdates, email addresses
- North America: Esports operations website members (approx. 4,000 items)
Names, email addresses, gender information
- List of shareholders (approx. 40,000 items)
Names, addresses, shareholder numbers, amount of shareholdings
- Former employees' (including family) information (approx. 28,000 people);
applicants' information (approx. 125,000 people)
Names, birthdates, addresses, phone numbers, email addresses, photos, etc.
Personal information (employees and related parties)
- Human resources information (approx. 14,000 people)
Confidential corporate information
- Sales data, business partner information, sales documents, development documents, etc.
It's not clear if the "data items" in question represent individuals, or if there's a significant amount of crossover between them: A Capcom rep declined to comment further, saying only that "the maximum number of data items that may have potentially been compromised is 350,000 items."
The good news is that none of the data in question contains credit card information: Online transactions are handled by a third party, so Capcom doesn't maintain credit card information internally. Unfortunately, it will never be able to confirm exactly how much of the potentially compromised data was actually lost, because some logs were also lost as a result of the hack.
Capcom said that it is coordinating with police in the US and Japan as it continues its investigation into the attack, and assured customers that it is safe to access its website and play its games online. It also promised to contact all users whose personal data is verified to have been compromised "to explain the background of this incident and current situation." Anyone concerned about a potential data breach can contact Capcom via one of three channels:
- North America: Capcom USA customer support page
- Japan: Game customer inquiries (0120-400161) or general inquires (0120-896680)
- EMEA: Capcom Europe customer support email - email@example.com
"Capcom would once again like to reiterate its deepest apologies for any complications or concerns caused by this incident. As a company that handles digital content, it is regarding this incident with the utmost seriousness," the company said. "In order to prevent the reoccurrence of such an event, it will endeavor to further strengthen its management structure while pursing legal options regarding criminal acts such as unauthorized access of its networks."
Ironically, the data breach has resulted in some good news for Capcom fans, including word that Resident Evil Village will be out in April 2021, and that Monster Hunter: Rise and Monster Hunter Stories 2, both officially announced for the Nintendo Switch, are also coming to PC.