Capcom says the personal information over 350,000 business partners and customers may have been compromised following a recent ransomware attack.
Earlier this month, the Resident Evil and Monster Hunter developer explained an unauthorized third party had accessed its internal systems, but said there was no evidence that any customer information had been breached.
Now, however, the company has confirmed that the personal information of a small number of employees, including names, addresses, signatures, and passport information, has been leaked. It also noted that a variety of details belonging to approximately 350,000 customers, business partners, and former workers has "potentially" been compromised.
That potential leak includes email addresses, names, and other details from the company's Japanese customer support department, its North American esports operations, the North American Capcom Store, and more.
It also includes confidential corporate information like sales data, business partner information, sales documents, and development documents, although Capcom has stressed that "none of the at-risk data contains credit card information."
The company has apologized for the breach and said it continues to investigate the matter with assistance from a third-party security company and relevant law enforcement authorities. It has also reassured players that it remains safe for them to play its various online games and access its websites.
"Capcom will continue its investigation, beginning with contacting those individuals and other stakeholders whose information it has verified as having been compromised, while continuing to look into what other information was potentially taken," reads a Capcom statement.
"Investigation and analysis of this incident took additional time due to the targeted nature of this attack, which was carried out using what could be called tailor-made ransomware, as was covered in some media reports, aimed specifically at the company to maliciously encrypt the information saved on its servers and delete its access logs.
"Capcom regrets that this report could not be made sooner than today. The company asks that everyone potentially affected by this incident practice an abundance of caution, looking out for any suspicious packages received by mail or messages that could potentially be received."
Moving forward, Capcom will continue its investigation, and has also pledged to establish a new security advisory board with the help of external experts to prevent another attack. You can read the company's full statement here.