Back in November last year, Capcom was hit by a severe cyber attack that saw personal information, internal briefings and game details compromised and held to ransom. Following a few updates in November and January, Capcom has now issued a lengthy explanation of exactly what happened – and the steps it’s taking to prevent it happening again.
In an update post summarising the results of its (now-completed) investigation carried out with the help of specialist companies, Capcom said its internal systems are now “near to completely restored”. The attack had encrypted data on Capcom devices, and installed a message demanding Capcom contact the hacking group responsible.
As for how the attack happened, Capcom explained that unauthorised access to the company’s internal network was acquired in October 2020 through an old backup VPN at Capcom USA. It seems Covid-19 had a hand in creating conditions for the attack to be successful, as although Capcom had already started switching to newer VPN devices, the growing strain on the company’s network due to working from home meant the older VPN was kept as “an emergency backup in case of communication issues”. This VPN became the target of the cyber attack, and through this the attackers were able to compromise devices at Capcom’s US and Japanese offices, leading to the theft of information.
