Sections

 Get your job in front of the right talentSearch our CV libraryUtilise the global reach of Gamesindustry.biz

CD Projekt employee data exposed by ransomware attack may be online

Cyberpunk studio reveals February breach was worse than originally thought

The CD Projekt Group, which owns Cyberpunk and Witcher developer CD Projekt Red, has warned that sensitive data -- including that of its own employees -- was likely exposed during a security breach earlier this year.

In a statement, the Polish developer said it has discovered new information about the breach, and now has reason to believe that some illegally gathered data is "currently being circulated on the internet."

"We are not yet able to confirm the exact contents of the data in question, though we believe it may include current/former employee and contractor details in addition to data related to our games," the company said.

"Furthermore, we cannot confirm whether or not the data involved may have been manipulated or tampered with following the breach."

The studio said it is working with several security experts and services, as well as law enforcement agencies, including the general police headquarters of Poland. The company has also contacted Interpol and Europol.

CD Projekt also emphasised the security measures it has taken since the attack to protect against future breaches, including a redesigned IT infrastructure, new firewalls and a new remote access process.

"We would also like to state that -- regardless of the authenticity of the data being circulated -- we will do everything in our power to protect the privacy of our employees, as well as other involved parties," the statement concludes. "We are committed and prepared to take action against parties sharing the data in question."

The breach occurred in February, where an "unidentified actor" stole data from the company's internal network, charging CD Projekt a ransom to get it back. Data stolen was said to include the source codes for Cyberpunk 2077, The Witcher 3 (including an unreleased version) and Gwent.

The hacker's note to CD Projekt claimed they had also "dumped all of your documents relating to accounting, administration, legal, HR, investor relations, and more" on the internet.

CD Projekt was given 48 hours to pay the ransom, but refused. A few days later, a cyberintelligence company claimed the stolen source code had been sold.

It later emerged that CD Projekt Red staff had been locked out of the computers for up to two weeks while the studio dealt with the attack, contributing to a delay for the next Cyberpunk 2077 patch.

 Get your job in front of the right talentSearch our CV libraryUtilise the global reach of Gamesindustry.biz

More stories

CD Projekt's first full quarter since Cyberpunk 2077 release sees sales up 2%

Profits sink 65% as publisher cites tough comparison against last year's first quarter in explaining modest revenue growth

By Brendan Sinclair

CD Projekt appoints new game director for Cyberpunk

Gabriel Amatangelo moves into the role following departure of Mateusz Tomaszkiewicz

By Danielle Partis

Latest comments

There are no comments on this article yet. Why not be the first to post one?

Sign in to contribute

Need an account? Register now.