As many as 350,000 Capcom players and employees are at risk of spam, phishing attacks and identity theft due to a ransomware attack and data breach involving the Japanese publisher of such classic video games as Street Fighter, Resident Evil, Mega Man, Devil May Cry and Phoenix Wright: Ace Attorney.
Passwords and credit cards don't seem to have been compromised, but you'll want to change your Capcom account password if you have one and check your credit-card statements if you've ever bought something from Capcom's online store.
Earlier this month, Capcom announced that it had been attacked by the Ragnar Locker cybercrime gang, who had gotten into the company network and encrypted and stolen data, but Capcom reassured customers that none of their data seemed to have been accessed by the thieves.
That's no longer the case. The company said yesterday (Nov. 16) that it had "verified that some personal information ... has been compromised" and that other personal data might also have been accessed. (Some of the stolen data has already been posted online, per Bleeping Computer and the BBC.)
Data known to have been stolen includes the names, addresses, signatures and passport information of current and former employees. Data suspected to have been stolen includes the names, addresses, dates of birth, email addresses and telephone numbers of customers, shareholders and former employees.
All told, Capcom says, up to 350,000 people in Japan and North America may have had their personal data compromised.
No credit cards, no passwords, but bad enough
The company said no credit-card data had been stolen, and it did not mention passwords. But the types of data stolen put affected Capcom customers and employees at greater risk of seeing more spam as well as phishing emails trying to fool recipients into giving up passwords.
The theft of names, dates of birth and addresses also raises the risk of identity theft. In North America, someone who has those details might often need only the individual's U.S. Social Security number or Canadian Social Insurance Number to open a bank account, get a driver's license or perform other operations as that person.