Home / Tech News / Featured Tech News / Outdated VPN device led to Capcom cyberattack

Outdated VPN device led to Capcom cyberattack

Matthew Wilson April 15, 2021 Featured Tech News, Security, Software & Gaming

In November 2020, Capcom confirmed it had suffered a huge data breach, with attackers stealing hundreds of thousands of confidential records and other data, including personal information of employees and plans for future games. In an update this week, Capcom confirms that it has completed its investigation into the attack.

The fourth update confirms that Capcom's internal systems are “near to completely restored” and the company has established an “IT Security Oversight Committee”, which will help maintain security moving forward. With solutions now in place, Capcom can now be a bit more transparent with what exactly went wrong in late 2020.

According to their investigation, the attackers gained unauthorised access to servers in October 2020 by exploiting an old backup VPN device that was being used at Capcom's US offices. At the time, Capcom had introduced a new VPN but one of the old VPN devices remained active and was not shut down. This device has now been removed from the network.

After gaining access through the VPN, the attackers were then able to compromise systems both at Capcom USA and Capcom Japan, leading to over 1TB of files being stolen. In total, the information of 15,649 people was compromised – initially the number was much larger but during the course of the investigation, Capcom was able to narrow the leak down. Capcom is contacting those who were impacted and has set up support lines for those affected to ask questions.

Following the cyberattack, there was a message left behind demanding a ransom but no specific monetary amount was specified. Additionally, Capcom confirms it “took no steps to make contact”. While this concludes Capcom's internal investigation, the publisher continues to work with “relevant authorities” to pursue legal options against the attackers.

Discuss on our Facebook page, HERE.

KitGuru Says: While we often see a lot of companies failing to offer transparency when it comes to cyberattacks, Capcom has taken the opposite approach. We've had regular updates and a lot of transparency over what happened and the solutions now in place, which is excellent. More companies should look at this and handle things in a similar way.

Become a Patron!

Tags

Check Also

Wreckfest 2 Early Access

Wreckfest 2 is out now in Early Access

Wreckfest 2 is officially out now in Early Access, costing £24.99 while including a modest selection of content at launch.

© Copyright 2025, Kitguru.net All Rights Reserved Standard Terms

We've noticed that you are using an ad blocker.

Thank you for visiting KitGuru. Our news and reviews teams work hard to bring you the latest stories and finest, in-depth analysis.

We want to be as informative as possible – and to help our readers make the best buying decisions. The mechanism we use to run our business and pay some of the best journalists in the world, is advertising.

If you want to support KitGuru, then please add www.kitguru.net to your ad blocking whitelist or disable your adblocking software. It really makes a difference and allows us to continue creating the kind of content you really want to read.

It is important you know that we don’t run pop ups, pop unders, audio ads, code tracking ads or anything else that would interfere with the KitGuru experience. Adblockers can actually block some of our free content, such as galleries!