News: CD Projekt Red appears to have been hacked and the authorities are looking into it to see who is responsible.
It appears that CD Projekt Red has been the victim of a targeted cyber attack, according to a message they just sent out to everyone. They say their internal systems have been compromised and that the party responsible is demanding a ransom for the information they stole. If CD Projekt Red doesn’t pay then, presumably, the responsible party will leak a bunch of sensitive information. The statement in full from CD Projekt Red is below:
”Yesterday we discovered that we have become a victim of a targeted cyber attack, due to which some of our internal systems have been compromised.
An unidentified actor gained unauthorized access to our internal network, collected certain data belonging to CD Projekt capital group, and left a ransom note the content of which we release to the public. Although some devices in our network have been encrypted, our backups remain intact. We have already secured our IT infrastructure and begun restoring the data.
We will not give in to the demands nor negotiate with the actor, being aware that this may eventually lead to the release of the compromised data. We are taking necessary steps to mitigate the consequences of such a release, in particular by approaching any parties that may be affected due to the breach.
We are still investigating the incident, however at this time we can confirm that - to our best knowledge - the compromised systems did not contain any personal data of our players or users of our services.
We have already approached the relevant authorities, including law enforcement and the President of the Personal Data Protection Office, as well as IT forensic specialists, and we will closely cooperate with them in order to fully investigate this incident.”
If you want to take a look at the ransom note itself, click here.
If you think you might be affected by this, you will want to turn on fraud alerts on your account so that you can be alerted to any suspicious activity. CD Projekt Red says that to the best of their knowledge players shouldn’t have anything to worry about but employees (whether current or ex-employees) might want to take the steps necessary to protect their personal accounts. If you have any questions about that, you can write to their Privacy Team at dpo[at]cdprojektred.com.
source: CD Projekt Red