Capcom Details What Data Was Compromised In Cyberattack

Illustration for article titled Capcom Details What Data Was Compromised In Cyberattack
Photo: CHARLY TRIBALLEAU/AFP/Getty Images (Getty Images)

As Kotaku previously reported, Capcom was hit by a cyberattack, with a group claiming to have stolen 1TB of employee and customer data. Today, Capcom has detailed what data was compromised.


In an official release, Capcom lists the leaked data it has confirmed so far, adding that “additional personal and corporate information may have been compromised in this attack.” Capcom has been consulting with the police and other authorities.

As of November 16, below are both the verified and potentially comprised data.

1. Information verified to have been compromised

i. Personal information: 9 items

  • Personal information of former employees: 5 items (Name & signature: 2 items; name & address: 1 item; passport information: 2 items)
  • Personal information of employees: 4 items (Name and HR information: 3 items; name & signature: 1 item)

ii. Other information

  • Sales reports
  • Financial information

2. Potentially compromised data

i. Personal information (customers, business partners, etc.): maximum of approx. 350,000 items

  • Japan: Customer service video game support help desk information (approx.134,000 items); Names, addresses, phone numbers, email addresses
  • North America: Capcom Store member information (approx. 14,000 items); Names, birthdates, email addresses
  • North America: Esports operations website members (approx. 4,000 items); Names, email addresses, gender information
  • List of shareholders (approx. 40,000 items); Names, addresses, shareholder numbers, amount of shareholdings
  • Former employees’ (including family) information (approx. 28,000 people); applicants’ information (approx. 125,000 people); Names, birthdates, addresses, phone numbers, email addresses, photos, etc.

ii. Personal information (employees and related parties)

  • Human resources information (approx. 14,000 people)

iii. Confidential corporate information

  • Sales data, business partner information, sales documents, development documents, etc.

According to Capcom, credit cards were not part of the at-risk data, as those transactions are handled by a third party; moreover, its games and websites were not impacted. The publisher also stated it will strengthen its online security to avoid a future attack.

“Capcom offers its sincerest apologies for any complications and concerns that this may bring to its potentially impacted customers as well as to its many stakeholders,” the Osaka-based game maker stated.

You can read the full release right here, which includes contact info for those concerned their data was compromised.

Originally from Texas, Ashcraft has called Osaka home since 2001. He has authored six books, including most recently, The Japanese Sake Bible.



“including family information” what? Why does a corporation have info on your family beyond an emergency contact?