Polish game developer CD Projekt Red, the popular company behind the Witcher series and Cyberpunk 2077, has revealed this week that proprietary data taken in a ransomware attack disclosed four months ago is circulating online.
Ars Technica reports that CD Projekt Red, the Polish game developer behind the Witcher series and Cyberpunk 2077, has revealed that data stolen during a ransomware attack it disclosed four months ago is being circulated online.
Company officials said in a statement:
Today, we have learned new information regarding the breach and now have reason to believe that internal data illegally obtained during the attack is currently being circulated on the Internet.
We are not yet able to confirm the exact contents of the data in question, though we believe it may include current/former employee and contractor details in addition to data related to our games.
The update is a swift backtrack on claims made in February that the stolen data did not include the personal information of employees or customers. A week after disclosing the attack, CD Projekt Red maintained that the probability of employee personal data being disclosed was “low” and went on to say that “after our investigation, we have not found any evidence that any personal data was actually transferred outside the company network” and that “due to the attackers’ course of action, we may never be able to say for certain if they actually copied any personal data.”
It is currently unclear why it took CD Projekt Red four months to determine that employee data was likely affected by the ransomware attack. Shortly after CD Projekt Red’s initial disclosure of the hack, researchers said that they uncovered data showing that source code for games in including Cyberpunk 2077, Gwent, and The Witcher 3 had been put up for auction with a starting bid of $1 million.
Security researchers believe that the ransomware attack was carried out by HelloKitty, a smaller ransomware group sometimes referred to as DeathRansom.
Lucas Nolan is a reporter for Breitbart News covering issues of free speech and online censorship. Follow him on Twitter @LucasNolan or contact via secure email at the address lucasnolan@protonmail.com