CD Projekt, the developer behind games such as Cyberpunk 2077 and The Witcher series, has confirmed that company data obtained during a ransomware attack earlier this year is being circulated online.
In February, the developer had a portion of its internal systems compromised, with hackers from the 'HelloKitty' group obtaining company data as well as encrypting a number of developer devices.
A month later, the stolen data, which includes accounting, administration, legal, HR, and investor relations information, was being auctioned off in a Dark Web "charity fundraising" event organised by the hackers.
On Thursday, CD Projekt issued a statement saying that it had "learned new information regarding the breach", leading the company "to believe that internal data illegally obtained during the attack is currently being circulated on the Internet".
"We are not yet able to confirm the exact contents of the data in question, though we believe it may include current/former employee and contractor details in addition to data related to our games. Furthermore, we cannot confirm whether or not the data involved may have been manipulated or tampered with following the breach," the developer announced, adding that it's "committed and prepared to take action against parties sharing the data in question":
"We would also like to state that — regardless of the authenticity of the data being circulated — we will do everything in our power to protect the privacy of our employees, as well as all other involved parties."
RELATED RESOURCE
Defend your organisation from evolving ransomware attacks
Learn what it takes to reduce risk and strengthen operational resiliency
International law enforcement agencies Interpol and Europol have been contacted by the Warsaw-based company, which is also cooperating with Poland's General Police Headquarters as well as multiple external cyber security & IT specialists.
CD Projekt also announced that it had "taken multiple measures to secure and harden [its] internal systems'', in order to prevent similar incidents in the future. The developer has rolled out a new, redesigned core IT infrastructure, implemented next-generation firewalls with advanced anti-malware protection, employed a new remote-access solution, and expanded its internal security department.
Additionally, the company has limited the number of accounts that hold 'privileged' access rights, installed a new mechanism for endpoints, servers, and networks protection, while also improving its event-monitoring strategy.
-
Using DeepSeek at work is like ‘printing out and handing over your confidential information’News Thinking of using DeepSeek at work? Think again. Cybersecurity experts have warned you're putting your enterprise at huge risk.
-
Can cyber group takedowns last?ITPro Podcast Threat groups can recover from website takeovers or rebrand for new activity – but each successful sting provides researchers with valuable data
-
Average ransom payment doubles in a single quarterNews Targeted social engineering and data exfiltration have become the biggest tactics as three major ransomware groups dominate
-
BlackSuit ransomware gang taken down in latest law enforcement sting – but members have already formed a new groupNews The notorious gang has seen its servers taken down and bitcoin seized, but may have morphed into a new group called Chaos
-
Google cyber researchers were tracking the ShinyHunters group’s Salesforce attacks – then realized they’d also fallen victimNews In an update to an investigation on the ShinyHunters group, Google revealed it had also been affected
-
Nearly one-third of ransomware victims are hit multiple times, even after paying hackersNews Many ransomware victims are being hit more than once, largely thanks to fragmented security tactics
-
75% of UK business leaders are willing to risk criminal penalties to pay ransomsNews A ransom payment ban is a great idea - until you're the one being targeted...
-
The Scattered Spider ransomware group is infiltrating Slack and Microsoft Teams to target vulnerable employeesNews The group is using new ransomware variants and new social engineering techniques - including sneaking into corporate teleconferences
-
Hackers breached a 158 year old company by guessing an employee password – experts say it’s a ‘pertinent reminder’ of the devastating impact of cyber crimeNews A Panorama documentary exposed hackers' techniques and talked to the teams trying to tackle them
-
The ransomware boom shows no signs of letting up – and these groups are causing the most chaos
News Thousands of ransomware cases have already been posted on the dark web this year
