Capcom shares results of ransomware investigation, reveals what data was and wasn't accessed

Capcom today issued its final report on the security breach it suffered back in November 2020, detailing what it has learned about the attack following an investigation performed by IT professionals. The company also gave us an updated number of people who were affected by this data breach, and those who were worried will probably be happy to know that the number has decreased since the last report.

Specifically, Capcom said today that the number of people who have suffered compromised information because of this attack has gone down by 766 since its last report in January, making the new total 15,649 people. That isn't bad when you consider that Capcom's initial report said that as many as 350,000 people could have had their information compromised, though of course, that probably isn't comforting for 15,649 former and current employees, business partners, and related parties who did have some form of their personal information stolen.

Capcom also said today that there's been no change in the nature of the information that was compromised, which importantly means that no credit card information was stolen during this breach. Information that was compromised was confirmed to include names, email addresses, HR information, and phone numbers in previous reports, though that ultimately varies from person to person.

So, how did it all happen? Capcom said today that according to the IT specialists it hired to investigate this breach, the bad actors in this case gained access to Capcom's servers through first attacking an old VPN device that was maintained at a Capcom USA. From there, the hackers went onto compromise more devices at both Capcom's North American and Japanese arms and kick off its ransomware attack, with Capcom saying it ultimately did not engage with the hackers.

While Capcom says that it was in the process of upgrading these VPN devices and its security measures, the COVID-19 pandemic slowed the roll out of both, leaving the business open to attack. The good news is that Capcom's internal systems "are near to completely restored," with the company reiterating "its deepest apologies for any complications or concerns caused by the incident." For more on this breach, be sure to check out the company's investigation results over on its Investor Relations site.