Capcom, the renowned Japanese video game developer responsible for popular series like “Resident Evil” and “Street Fighter,” has acknowledged a security breach resulting in the theft of customer data and internal files. This followed a ransomware incident that occurred earlier this month.

This announcement represents a shift in Capcom’s initial response to the cyberattack, during which the company stated it had found no indication of unauthorized access to customer information.

According to a recent statement, data pertaining to approximately 350,000 customers may have been compromised, potentially including names, residential addresses, contact numbers, and, in certain instances, dates of birth. Furthermore, Capcom confirmed that the attackers also obtained the company’s internal financial records and human resources data concerning both current and former personnel. This stolen data encompassed names, addresses, birthdates, and photographs. The perpetrators also acquired “sensitive corporate information,” such as documentation related to business associates, sales figures, and development plans.

Capcom has clarified that no credit card details were taken, as all payment processing is managed by an external provider.

However, the company cautioned that the precise extent of the data breach “remains undetermined” due to the loss of internal logging systems during the attack.

Capcom issued an apology for the security incident. “Capcom deeply regrets any inconvenience or worry this incident may cause to potentially affected customers and all of its stakeholders,” the statement conveyed.

The video game company experienced a ransomware attack by the Ragnar Locker group on November 2nd, leading to a temporary network shutdown. Ragnar Locker is a type of ransomware that not only encrypts a victim’s network but also extracts data beforehand, threatening public release unless a ransom is paid. This tactic allows ransomware groups to continue demanding payment even if the victim successfully recovers their systems from backups.

The Ragnar Locker website currently displays data purportedly stolen from Capcom, accompanied by a message suggesting the company did not meet the ransom demands.

Capcom has notified data protection authorities in both Japan and the United Kingdom, complying with European GDPR regulations regarding data breach notifications. Non-compliance with GDPR rules can result in penalties of up to 4% of a company’s annual revenue.