350,000 people exposed in Capcom data breach — what to do now

News
By published

Cybercrooks steal, dump Capcom customer, employee data

A screenshot of Resident Evil 2.
(Image credit: Capcom)

As many as 350,000 Capcom players and employees are at risk of spam, phishing attacks and identity theft due to a ransomware attack and data breach involving the Japanese publisher of such classic video games as Street Fighter, Resident Evil, Mega Man, Devil May Cry and Phoenix Wright: Ace Attorney. 

Passwords and credit cards don't seem to have been compromised, but you'll want to change your Capcom account password if you have one and check your credit-card statements if you've ever bought something from Capcom's online store.

Earlier this month, Capcom announced that it had been attacked by the Ragnar Locker cybercrime gang, who had gotten into the company network and encrypted and stolen data, but Capcom reassured customers that none of their data seemed to have been accessed by the thieves.

That's no longer the case. The company said yesterday (Nov. 16) that it had "verified that some personal information ... has been compromised" and that other personal data might also have been accessed. (Some of the stolen data has already been posted online, per Bleeping Computer and the BBC.)

Data known to have been stolen includes the names, addresses, signatures and passport information of current and former employees. Data suspected to have been stolen includes the names, addresses, dates of birth, email addresses and telephone numbers of customers, shareholders and former employees. 

All told, Capcom says, up to 350,000 people in Japan and North America may have had their personal data compromised.

No credit cards, no passwords, but bad enough

The company said no credit-card data had been stolen, and it did not mention passwords. But the types of data stolen put affected Capcom customers and employees at greater risk of seeing more spam as well as phishing emails trying to fool recipients into giving up passwords. 

The theft of the names, dates of birth and addresses also raises the risk of identity theft. In North America, you might often need only the individual's U.S. Social Security number or Canadian Social Insurance Number to be able to open a bank account, get a driver's license or perform other operations as that person.

If you're a U.S. resident and a Capcom customer or account holder, consider instituting a credit freeze to lock down your accounts and using one of the best identity-theft-protection services.

See more Computing News
TOPICS
Paul Wagenseil
Paul Wagenseil

Paul Wagenseil is a senior editor at Tom's Guide focused on security and privacy. He has also been a dishwasher, fry cook, long-haul driver, code monkey and video editor. He's been rooting around in the information-security space for more than 15 years at FoxNews.com, SecurityNewsDaily, TechNewsDaily and Tom's Guide, has presented talks at the ShmooCon, DerbyCon and BSides Las Vegas hacker conferences, shown up in random TV news spots and even moderated a panel discussion at the CEDIA home-technology conference. You can follow his rants on Twitter at @snd_wagenseil.

Latest in Online Security
A magnifying glass on top of the Steam logo in a web browser
Valve just pulled a malicious game demo spreading info-stealing malware from Steam
MacBook Pro 2023
New Mac attack is tricking users into thinking their computer is locked — how to stay safe
Hacker using a stolen social security card
Your Social Security number is a literal gold mine for scammers and identity thieves — here’s how to keep it safe
An open lock depicting a data breach
Half a million teachers hit in major data breach with SSNs, financial data and more exposed — what to do now
Green skull on smartphone screen.
Malicious Android apps with 60 million installs bombarding phones with ads and phishing attacks — how to stay safe
Malware
Dangerous new password-stealing trojan automatically reinstalls itself on infected PCs
Latest in News
Rendered images of rumored foldable iPhone.
Foldable iPhone report just revealed key details — here's what we know
NYTimes Connections
NYT Connections today hints and answers — Saturday, March 23 (#651)
NYT Strands on a cellphone
NYT Strands today — hints, spangram and answers for game #385 (Sunday, March 23 2025)
Nintendo Switch 2
Nintendo Switch 2 rumored specs — here’s what we know so far
iPhone 17 Pro render
iPhone 17 Pro — 7 biggest rumored upgrades
CAD renderings of the Google Pixel 10 Pro XL
Pixel 10 leak could be good news for all Android phones
More about online security
Hacker using a stolen social security card

Your Social Security number is a literal gold mine for scammers and identity thieves — here’s how to keep it safe
A magnifying glass on top of the Steam logo in a web browser

Valve just pulled a malicious game demo spreading info-stealing malware from Steam
Grok vs Claude logo on a laptop

I'm a published author and I tested Claude 3.7 Sonnet vs Grok 3 at creative writing — here's my verdict
See more latest