It’s corporate PR 101: If you want people to miss your announcement, drop it at 5 p.m. on a Friday. Or, at the very least, wait until everyone’s looking at something else.
As the entire gaming world laser-focused on Geoff Keighley’s sartorially questionable sneakers during the Summer Game Fest Kickoff Live! event, Cyberpunk 2077 studio CD Projekt Red released a statement regarding a February cyberattack against the company. Turns out, that data breach could not be contained.
“Today, we have learned new information regarding the breach, and now have reason to believe that internal data obtained during the attack is currently being circulated on the internet. [...] We are not able to confirm the exact contents of the data in question, though we believe it may include current/former employee and contractor details in addition to data related to our games,” CDPR wrote in a tweet published at 2:39 p.m. ET, smack in the middle of today’s hotly anticipated showcase of video gaming advertisements.
Still, CDPR was vague about what exactly was out there and whether any of it was true or had been altered.
When the cyber attack was made public this winter, the hackers, who remained anonymous, said they obtained source code for CDPR games like The Witcher 3: Wild Hunt and Cyberpunk 2077.
“Your [sic] have been epically PWNED!!!” they wrote, allegedly giving CDPR 48 hours to respond. The hackers threatened that, by releasing internal documents, public trust in—and, crucially, stock price for—CDPR would take a dip, likely a reference to the infamously rocky rollout of Cyberpunk 2077.
Today’s statement doesn’t say whether or not players of CDPR’s games were affected. Representatives for CDPR did not immediately respond to Kotaku’s request for comment. (Update: 6/11/2021, 2:15 p.m. ET: In a statement to Kotaku, CDPR representatives said “No player data has been affected. We do not process any player data on the servers in question.”)
In February, while first addressing the hack, CDPR wrote that “to our best knowledge, the compromised systems did not contain any personal data of our players or users of our services.”
The next day, hackers reportedly put up the data at auction with a starting price of $1 million.