In a statement shared with TechCrunch, Bandai Namco said it detected “unauthorized access” to its systems by a third party on July 3, adding that it has since taken measures, such as blocking access to the affected servers, to “prevent the damage from spreading.” The confirmation comes days after the Alphv ransomware gang, also known as BlackCat, added the Japanese company to its dark web leak site.
Bandai Namco declined to elaborate on the nature of the cyberattack or how hackers were able to access its systems, but warned customer data may have been stolen, all but confirming that it was hit by ransomware.
“There is a possibility that customer information related to the Toys and Hobby Business in Asian regions (excluding Japan) was included in the servers and PCs, and we are currently identifying the status about existence of leakage [sic], scope of the damage and investigating the cause,” Bandai Namco said.
The Alphv ransomware group — believed to be the latest incarnation of the DarkSide ransomware gang responsible for the Colonial Pipeline attack — has threatened that the stolen data will be released “soon,” but no exact deadline has been given. Bandai Namco declined to say whether it had been given a ransom demand.
“We will continue to investigate the cause of this incident and will disclose the investigation results as appropriate,” Bandai Namco added. “We will also work with external organizations to strengthen security throughout the Group and take measures to prevent recurrence. We offer our sincerest apologies to everyone involved for any complications or concerns caused by this incident."
Bandai Namco is the latest in a long line of gaming companies to be targeted by hackers. CD Project Red, the studio behind The Witcher 3 and Cyberpunk 2077, was last year hit by a ransomware attack, which saw hackers leak data related to its games, contractors and employees. Electronic Arts was also hit by a cyberattack last June, an incident that is believed to be linked to the once-notorious Lapsus$ hacking group.