Bandai Namco says it was hacked, still investigating scope of damage

Bandai Namco says it was hacked by a ransomware group in July, the Elden Ring and Tekken publisher confirmed Wednesday. The group, called Black Cat after the ransomware it uses, claimed responsibility for the attack, adding Bandai Namco to its list of victims.

Bandai Namco says that the hack appears to have affected its internal systems in Asia (excluding Japan) and that some customer data from its toys and hobby business may have been accessed. The publisher says it’s still investigating the extent of the hack.

“ALPHV ransomware group (alternatively referred to as BlackCat ransomware group) claims to have ransomed Bandai Namco,” malware watchdog vx-underground posted on Twitter. Black Cat, also known as ALPHV, is a notorious ransomware group that is allegedly tied to the Colonial Pipeline hack that shut down the major fuel pipeline and disrupted gas supply in the U.S. last year. The U.S. Federal Bureau of Investigations released a report on the group in April, warning that it’s “compromised at least 60 entities worldwide.”

Bandai Namco issued a statement to Eurogamer on Wednesday that the attack occurred on July 3, but has not disclosed what information has been compromised. The company’s full statement is as follows:

On 3rd July, 2022, Bandai Namco Holdings Inc. confirmed that it experienced an unauthorised access by third party to the internal systems of several Group companies in Asian regions (excluding Japan).

After we confirmed the unauthorised access, we have taken measures such as blocking access to the servers to prevent the damage from spreading. In addition, there is a possibility that customer information related to the Toys and Hobby Business in Asian regions (excluding Japan) was included in the servers and PCs, and we are currently identifying the status about existence of leakage, scope of the damage, and investigating the cause.

We will continue to investigate the cause of this incident and will disclose the investigation results as appropriate. We will also work with external organizations to strengthen security throughout the Group and take measures to prevent recurrence.

We offer our sincerest apologies to everyone involved for any complications or concerns caused by this incident.

Bandai Namco has not responded to Polygon’s request for more information.

Over the past few years, a number of video game companies have been targeted in similar cyberattacks. Nvidia, Cyberpunk 2077 developer CD Projekt Red, Electronic Arts, and Capcom have all faced security breaches in attacks of various sizes, some of which included source code, employee information, and other sensitive data. These hacks were not linked to the Black Cat ransomware, however.