In November 2020, Capcom was a target of a ransomware attack. The hackers managed to obtain information from the company’s internal server, including details on unannounced Capcom projects and spoilers for the upcoming Resident Evil Village. Not only was information about video games leaked, but also personal data from over 15,000 people. Capcom has released a new press release addressing the situation, explaining why the hack happened and the countermeasures it has taken to avoid future scandals. It also reiterated that no credit card data was taken.
It turns out that the cause was an old VPN (virtual private network) device that was used for backup. Capcom had previously switched to newer VPN devices, while this backup device was kept at the U.S. office. The hack of Capcom occurred through this device, allowing the hackers to access devices from both the U.S. and Japan offices, which explains why they were able to expose so much of Capcom’s data. The old VPN has now been disposed of, with Capcom revamping its practices.
Capcom has since implemented a variety of additional security measures to ensure that another incident won’t happen. It has strengthened its already existing technical and organizational measures, such as introducing an SOC (Security Operation Center) service to monitor external connections. Capcom delves into much more granular detail in the full press release, which explains its entire plan going forward. Hopefully, Capcom will not experience any further serious hacks in the future.