Capcom published the results of its investigation following the ransomware attack it was a victim of, confirming that no credit card information was accessed.
In a long statement on its website, the Japanese publisher indicated that its "internal systems are near to completely restored" and that it's working with a newly established Information Technology Security Oversight Committee to prevent such attacks from happening again.
Capcom identified the cause of the incident, with the firm's network having been accessed via an old backup VPN located in its Californian office.
Having previously announced that the security breach compromised the personal data of 16,415 people, Capcom reduced the count to 15,649. It clarified that all online transactions "are handled by a third-party service provider on a separate system (not involved in this attack), and as such Capcom does not maintain any such information internally." This explains why none of the data accessed contained credit card information.
The publisher reassured customers that it "remains safe" to buy its games online. It created support lines for customers who want to enquire about the attack and how it impacted their data.
Finally, Capcom mentioned that it was "not aware of any ransom demand amounts" following the attack, though the perpetrator did leave a message with instructions to be contacted to "negotiate." The company was advised to not make contact and therefore didn't do so.
"Capcom would once again like to reiterate its deepest apologies for any complications or concerns caused by the incident," the statement concluded. "As a company that handles digital content, it is treating this incident with the utmost seriousness, and will take the appropriate action to address any requests or directions provided by law enforcement and other relevant authorities in each country.
"At the same time, Capcom will endeavor to further strengthen its management structure while coordinating with the relevant organizations to pursue its legal options regarding criminal acts."
The company announced it had been the victim of a ransomware attack in November 2020.