Bandai Namco confirms cyberattack after ransomware group threatens leak
Japanese video game giant Bandai Namco confirmed on Wednesday that it experienced a wide-ranging cyberattack that may have exposed customer information.
On Monday, the AlphV ransomware group added Bandai Namco to its list of victims, but the company initially did not respond to requests for confirmation.
ALPHV ransomware group (alternatively referred to as BlackCat ransomware group) claims to have ransomed Bandai Namco.
— vx-underground (@vxunderground) July 11, 2022
Bandai Namco is an international video game publisher. Bandai Namco video game franchises include Ace Combat, Dark Souls, Dragon Ball*, Soulcaliber, and more. pic.twitter.com/hxZ6N2kSxl
On Wednesday, a spokesperson for Bandai Namco told EuroGamer that the “unauthorized access by a third party” began on July 3 and involved the internal systems of several subsidiary companies in the Asia-Pacific region.
"After we confirmed the unauthorised access, we have taken measures such as blocking access to the servers to prevent the damage from spreading,” the company told the outlet.
“In addition, there is a possibility that customer information related to the Toys and Hobby Business in Asian regions (excluding Japan) was included in the servers and PCs, and we are currently identifying the status about existence of leakage, scope of the damage, and investigating the cause.”
The company added that it plans to release the results of an investigation at a later date. It did not respond to requests for comment about whether the exposure was a result of a ransomware attack and which parts of its systems were encrypted.
Bandai Namco is behind some of the most popular games in the world, including Elden Ring, Dark Souls and Soulcalibur. It also owns several multi-million dollar video game franchises like Pac-Man and Tekken.
With a 2021 revenue of more than $7 billion, it is the third largest video game company out of Japan after Sony and Nintendo.
Video game makers have been a popular target for ransomware groups and hackers. The Ragnar Locker ransomware group attacked Capcom in 2020 and CD Projekt Red – the Polish game developer behind games like Cyberpunk 2077 and The Witcher series – was hit by the HelloKitty ransomware group last year.
Important Update pic.twitter.com/PCEuhAJosR
— CD PROJEKT RED (@CDPROJEKTRED) February 9, 2021
Ubisoft and Crytek were hit by the Egregor ransomware gang in 2020.
Last year, cyber attackers began selling access to Electronic Arts games and servers after a hack. A hacker defaced the in-game interface of Apex Legends in June 2021 and French video game maker Ubisoft said in December that a misconfiguration in its IT infrastructure exposed gamer data for players of its Just Dance video game series.
AlphV continues to be one of the most prolific ransomware groups, with attacks over the last month on the city government of Alexandria, Louisiana and several universities throughout the spring.
Jonathan Greig
is a Breaking News Reporter at Recorded Future News. Jonathan has worked across the globe as a journalist since 2014. Before moving back to New York City, he worked for news outlets in South Africa, Jordan and Cambodia. He previously covered cybersecurity at ZDNet and TechRepublic.