On April 13, Capcom, a major game software maker, released a report on the leakage of personal information due to large-scale unauthorized access that occurred in November 2020.
Capcom’s personal information leak case
In November 2020, Capcom was attacked by an unauthorized access from someone, causing a large-scale leak of personal information.
According to the announcement on January 12, 2021, the number of people who have been confirmed to have leaked personal information is 16,415, including business partners, employees, and related parties.
Furthermore, the amount of personal information that may have been leaked has reached a maximum of 390,000 people, which was a very large-scale personal information leak incident.
In the 2020 information security incident ranking announced by cyber security company McAfee, it is ranked second after the docomo account fraudulent withdrawal incident.
Targeting older VPN devices
Capcom is investigating the cause of unauthorized access and reports that an older VPN device installed at a local subsidiary in the United States was the target of unauthorized access.
The Capcom Group had already introduced a new type of VPN device, but the US subsidiary had the old VPN device left as a spare device in case a network load increased and a communication failure occurred.
Although conventional security measures such as firewalls were implemented for old VPN devices, measures such as SOC services that constantly monitor the inside of the system were in the process of being prepared for introduction.
It seems that the criminal attacked an old VPN, invaded Capcom’s internal network, and then hijacked some devices in the United States and Japan to steal personal information.
Capcom has announced that it will dispose of the old VPN device that was attacked and introduce new security measures, and will establish a “security supervisory committee” including external experts to strengthen the protection of personal information. I am.
Photo: Capcom USA
Source: iPhone Mania