CD Projekt warns employee data might be caught up in leak circulating online
"We are committed and prepared to take action against parties sharing the stolen data."
Midway through this evening's Summer Game Fest, CD Projekt released a statement discussing the circulation of stolen data from a ransomware attack - and the company is concerned it may contain employee and contractor data.
Earlier this year CD Projekt announced it had been hit by a ransomware attack, and last week we began to hear reports this stolen data was being actively shared online. Several developer-made bug montages emerged from this, but source code for several CD Projekt games (including The Witcher 3 and Cyberpunk 2077) is also reported to have been shared, and CD Projekt is concerned employee and contractor data is caught up in this.
"... We have learned new information regarding the breach, and now have reason to believe that internal data illegally obtained during the attack is currently being circulated on the internet," the statement says. "We are not able to confirm the exact contents of the data in question, though we believe it may include current/former employee and contractor details in addition to data related to our games. Furthermore, we cannot confirm whether or not the data involved may have been manipulated or tampered with following the breach."
One statement from the hacker group claimed they had access to "CDPR data, company reports, NDA," but that these would only be shown to the media and not the public. So far it seems these are yet to enter wider circulation, but it may only be a matter of time before more sensitive documents are shared more widely.
CD Projekt added it's currently working with "an extensive network of appropriate services" to investigate the leak, and it will do "everything in our power to protect the privacy of our employees, as well as all other involved parties".
"We are committed and prepared to take action against parties sharing the stolen data."