According to “malware source code monitors” vx-underground, Bandai Namco fell victim to a ransomware attack in early July. The group stated on its Twitter account on July 11 that the ALPHV ransomware group, which also goes by the name BlackCat, claimed to be the culprit. Apparently, the data uncovered by the group mostly contained Bandai Namco’s future plans for game releases and reveals as well as DLC. Since the reports came out, Bandai Namco confirmed the hack to media outlet Eurogamer.
In a statement this morning, Bandai Namco reported that it had “experienced an unauthorized access by third party” on July 3. The company is investigating, but believes some customer information was taken.
“After we confirmed the unauthorised access, we have taken measures such as blocking access to the servers to prevent the damage from spreading,” Bandai Namco stated. “In addition, there is a possibility that customer information related to the Toys and Hobby Business in Asian regions (excluding Japan) was included in the servers and PCs, and we are currently identifying the status about existence of leakage, scope of the damage, and investigating the cause.
“We will continue to investigate the cause of this incident and will disclose the investigation results as appropriate. We will also work with external organizations to strengthen security throughout the Group and take measures to prevent recurrence.”
Not all leaks are harmless
Notably, this would not mark the first time in recent memory that a major gaming company has had to deal with a major ransomware attack. Companies such as Capcom and EA have also experienced these kinds of attacks. A particularly massive one occurred against CD Projekt Red last year. This attack resulted in the entire source code of Cyberpunk 2077 leaking online, which no doubt piqued the curiosity of those fascinated by that game’ disastrous launch.
It remains important to note that the harm caused by these ransomware attacks can go well beyond the spoiling of game reveals. The stolen data could include private information pertaining to the company’s employees and even players. At current, we still do not know how much data was retrieved in the Bandai Namco attack.