CD Projekt Red say staff data stolen in hack might be circulating online
"We will do everything in our power to protect the privacy of our employees"
Last night, Cyberpunk 2077 developers CD Projekt Red posted an update about data leaks following the cyber attack they experienced earlier this year. This news really doesn't fit in with last night's Summer Game Fest celebrations however, because CDPR are concerned that current and former employee data might now be circulating online, in addition to game data.
CD Projekt Red's internal systems were hacked back in February, with the attackers leaving a ransom note claiming they'd nabbed copies of the source codes for Cyberpunk 2077, The Witcher 3 and Gwent. Last week, reports that source code was being shared online surfaced, after the hackers put them up for auction. Now, however, it seems game data might not have been the most sensitive information they stole.
"We have learned new information regarding the breach, and now have reason to believe that internal data illegally obtained during the attack is currently being circulated on the Internet," CDPR posted last night.
"We are not yet able to confirm the exact contents of the data in question, though we believe it may include current/former employee and contractor details in addition to data related to our games. Furthermore, we cannot confirm whether or not the data involved may have been manipulated or tampered with following the breach."
They say they're currently working with "an extensive network of appropriate services, experts, and law enforcement agencies" to deal with the leaks. They've also detailed some of the measures they've taken since the hack to tighten up security, such as redesigning their IT infrastructure, implementing "next-generation" firewalls and anti-malware protection, limiting access to privileged accounts and more.
"We would also like to state that - regardless of the authenticity of the data being circulated - we will do everything in our power to protect the privacy of our employees, as well as all other involved parties," they add. "We are committed and prepared to take action against parties sharing the data in question."
Last week, the group that hacked CPDR reportedly released a montage video of Cyberpunk 2077 bugs that the developers made during development. It's a common practice in game dev, funny reels of quirks and mishaps whipped together for the team to enjoy internally. But given that the game launched in a buggy state too, this being made public looks bad for CDPR - which is likely why people leaked it. It's also an example to other devs of what can happen when you don't give in to a ransom.