Bandai Namco’s Asian servers were hit hard earlier this month. On July 13, 2022, the Japanese game publisher released a press release confirming a ransomware attack affecting its Asian servers (excluding Japan). Allegedly, this ransomware attack leaked confidential customer information from those regions and in all likelihood had been stolen.
According to the press release, Bandai Namco Holdings Inc. experienced unauthorized access by a third party to the internal systems of several Group companies in Asian regions on July 3, 2022. Following confirmation of the breach, Bandai Namco took swift measures to mitigate the issue, blocking access to the servers to prevent further breaches and lessening the damage already caused.
Currently, the game publisher is focusing its efforts on identifying the extent of the leak, the scope of the damage, and investigating the cause. At the very least, Bandai Namco confirmed the possibility that the third party had stolen customer information related to the Toys and Hobby Hobby Business in Asian regions (excluding Japan).
While the identity of the third party is still up in the air Neoseeker noted a report from vx-underground (an online malware source code library) that allegedly the ALPHV ransomware group claimed responsibility for the Bandai Namco ransomware attack. Allegedly, ALPHV’s goal was to get the Japanese game publisher to “pay up for the safe return of any stolen data”.
ALPHV ransomware group (alternatively referred to as BlackCat ransomware group) claims to have ransomed Bandai Namco.
Bandai Namco is an international video game publisher. Bandai Namco video game franchises include Ace Combat, Dark Souls, Dragon Ball*, Soulcaliber, and more. pic.twitter.com/hxZ6N2kSxl
— vx-underground (@vxunderground) July 11, 2022
Bandai Namco promised to continue the investigation and to disclose the results at an undetermined time. They will also work with outside organizations to “strengthen security throughout the Group and take
measures to prevent recurrence.” Bandai Namco concluded, apologizing to the affected parties for the damage caused and “any complications or concerns caused by this incident.”