Photo/Illutration Capcom Co.’s headquarters in Osaka (Asahi Shimbun file photo)

Video game development giant Capcom Co. said on Nov. 16 that the personal information of approximately 350,000 users and stockholders may have been stolen in a recent ransomware cyberattack.

The information in question ranges from personal emails and customer data to information in the company’s human resources files and, in just a handful of instances, passports.

The Osaka-based company, famous for its “Biohazard” and “Resident Evil” series, said game development has not been affected by the attack. But individual game users’ names and home addresses, as well as head shots of people who have applied for jobs at the company, have likely fallen into the cybercrime organization’s hands.

A hacker group going by the name of Ragnar Locker posted a statement on its website on Nov. 9 that claimed responsibility for a ransomware attack on the company.

The group has disclosed information from more than 60 gigabytes of data apparently stolen from Capcom. The statement claimed the group downloaded about a terabyte of data from the company before it encrypted Capcom’s server, effectively locking the company out.

An anonymous person who identified themselves as a security researcher disclosed the breach to U.S. media, and then told The Asahi Shimbun the group’s extortion letter demanded cryptocurrency worth some 1.1 billion yen ($10.5 million).

Capcom officials have declined to comment on the ransom demand, but sources said Capcom has decided to fight it.

Capcom said the company has confirmed nine instances where the seized data contains current and former employees’ names and passport information, as well as the company’s financial information.

The company said there may have been up to about 350,000 instances where leaked data contained personal information, most of which contain its clients’ names and email addresses.

Of that, about 134,000 contained information about domestic customers who called the company’s customer service center, it said. About 125,000 cases in the data contain information of people who have applied for a job at the company. About 40,000 instances include information on the company’s stockholders, while about 14,000 contain information on members of the North American Capcom Store.

The company said the stolen data does not contain credit card information used for making online game purchases.

Material regarding game development and information about the company’s business contacts may also have been leaked, but the company said its game production has so far not been affected by the data breach and any potential effects on the company’s performance would be minor.

“We apologize for any inconvenience and concerns that this situation caused to people. We will continue to investigate (the matter),” the company said in a statement.

Capcom said it will establish a panel that includes outside experts to handle the matter and prevent it from happening again.

“It was a targeted ransomware attack, and the data was encrypted and access logs were deleted,” a company representative said. "That is why it took time to investigate. We have handled the incident properly in cooperation with the Osaka prefectural police."

This is the first such “double intimidation” case in which a major Japanese company was targeted and then details of the extortion were subsequently publicly leaked.

The Ragnar Locker group has been reportedly very active since June.

There are about 15 to 20 known crime groups that use ransomware in the world, according to a survey conducted by information security experts.

These criminal groups use similar tactics to hack into the networks of companies and organizations to steal sensitive information. They infect computers and servers with viruses to encrypt the data, which they can then hold for ransom, in exchange for decrypting the data and not disclosing the sensitive information.

High-profile ransomware attacks have been occurring frequently over the past year around the world.

The website of the British firm Travelex Foreign Coin Services Limited, a major foreign currency exchange, went down at the end of 2019. British and U.S. media reported that the company paid hackers a multimillion-dollar ransom. 

Ransomware attacks occur frequently in Japan.

In June, Honda Motor Co. suspended some of its global production systems and placed restrictions on employee computer use due to a system glitch.

A huge cyberattack against Mitsubishi Electric Corp. in 2019 likely leaked information related to one of the most advanced missiles being developed.

(This article was written by Takeho Morita, Fumiko Kuribayashi and Senior Staff Writer Tatsuya Sudo.)