The CD Projekt Group was the subject of a ransomware attack earlier this year. The company has now warned that some sensitive data, including that of its own staff, was probably exposed during said attack.
The company explained in a statement that it has become aware of new information relating to the attack, and has reason to believe some of the illegally obtained data is floating around online somewhere. Unfortunately, CD Projekt isn’t able to clarify exactly what data has been taken or is being shared. It believes that it includes details of current and former employees as well as contractors.
In addition, CD Projekt can’t confirm if the data they still have has been tampered with. This may have happened during the breach itself. However, security experts have been brought in to look at the situation, and the company is working with local authorities including Interpol and Europol on the matter.
The company has restructured and put new security measures in place to prevent future attacks from happening. But for many, the damage is already done.
The studio has pledged to protect the privacy of all those affected. It will be working as hard as possible to take down the data that’s out there, regardless of how authentic it is. Action will then be taken against the parties responsible for the attack.
The attack came in February, when an unidentified actor stole from the company’s network. They then charged CD Projekt a ransom to get that data back, which was said to include an unreleased version of The Witcher 3: Wild Hunt and Cyberpunk 2077’s source code.
The hackers added that they had dumped all information on accounts, administration, HR, legal, investor relations, and much more online. This is the data that CD Projekt is talking about now, stuff that could harm individuals.
CD Projekt Red staff were locked out of their computers for two weeks while the issue was dealt with. The hackers claim that the codes they stole were purchased online. Whether this is true or not remains to be seen, but hopefully all those affected can be protected now that authorities are involved.