clock menu more-arrow no yes mobile

Filed under:

Cyberpunk 2077 publisher CD Projekt says data breach is worse than originally thought

‘We cannot confirm whether or not the data involved may have been manipulated or tampered with’

Shortly after the death of their partner, the player character stares into a filthy bathroom mirror in Cyberpunk 2077. Image: CD Projekt Red
Charlie Hall is Polygon’s tabletop editor. In 10-plus years as a journalist & photographer, he has covered simulation, strategy, and spacefaring games, as well as public policy.

CD Projekt, the parent company of the developer of Cyberpunk 2077, announced Thursday that the data breach it suffered earlier this year is potentially more damaging than originally thought. The news was announced during the high-profile industry premieres showcased during the Summer Game Fest, hosted by Geoff Keighley.

In early February CD Project announced that it was targeted by a “cyber attack” and that data, including video game source code, had been stolen. At the time, the Polish company said that “certain data” was being ransomed by unknown parties. It did not confirm the type of data stolen. Today’s announcement, while still vague, seems to indicate that data was quite sensitive indeed.

The statement, made on Twitter, reads as follows:

We would like to share with you a follow-up on the February security breach which targeted the CD Projekt Group. Today we have learned new information regarding the breach, and now have reason to believe that internal data illegally obtained during the attack is currently being circulated on the Internet.

We are not able to confirm the exact contents of the data in question, though we believe it may include current/former employee and contractor details in addition to data related to our games. Furthermore, we cannot confirm whether or not the data involved may have been manipulated or tampered with following the breach.

Currently, we are working together with an extensive network of appropriate services, experts, and law enforcement agencies including the General Police headquarters of Poland. We have also contacted Interpol and Europol. The information we shared in February with the President of the Personal Data Protection Office (PUODO) has also been updated.

We would also like to state that — regardless of the authenticity of the data being circulated — we will do everything in our power to protect the privacy of our employees, as well as all other involved parties. We are committed and prepared to take action against parties sharing the stolen data.

Following the launch of Cyberpunk 2077, which was delayed multiple times and released in a broken state, CD Projekt has lost a significant portion of its value on the Polish stock market. Earlier this week Bloomberg reported that an investment firm in the United Kingdom has called for co-CEOs Adam Kiciński and Marcin Iwiński to step down.

The next level of puzzles.

Take a break from your day by playing a puzzle or two! We’ve got SpellTower, Typeshift, crosswords, and more.