As if the recent cyber breach of Electronic Arts wasn’t enough. In February 2021, CD Projekt earlier announced the theft of intellectual property data pertinent to their Cyberpunk and The Witcher game titles. In a follow-up update posted today, the group further speculated that the personal information of current and former employees and contractors had been leaked and were currently being circulated on the internet.
According to an announcement posted on their website, the company said they “are working together with an extensive network of appropriate services, experts, and law enforcement agencies, including the General Police Headquarters of Poland”. They added that they “have also contacted Interpol and Europol”.
You can also read the update announcement, posted in a tweet by CD Projekt above.
What was initially stolen from CDPR?
According to CD Projekt, among the initially stolen data included source code to the RedEngine development software, Witcher 3: Wild Hunt (an upcoming ray-tracing version of Witcher 3), Thronebreak: The Witcher Tales and Cyberpunk 2077.
This breach was first advertised on an onion site on the dark web, with an initial bid of $1 million. According to the cyberintelligence firm, Kela, this data was later sold for $7 million but included an attribution that prevented further dissemination.
The hacker group “HelloKitty'' were previously implicated in the sale of the illegally-sourced IPs and claim to have also stolen legal, accounting and human resource documents from the company. Fortunately, the company stated that it will not entertain the demands of criminals and have consulted with law enforcement regarding the matter.
What has CD Projekt done to prevent future attacks?
While these breaches may seldom make headlines, the reality is that cyber breaches often occur (simply flying under our radar). These attacks are inevitable and affect even the largest, most notable organizations; including banks.
Despite this, it would appear that CD Projekt has major networking and security upgrades to do. Fortunately, they have done just that. The company outlined a few measures taken to mitigate the likelihood of future cyber breaches. In their official statement, they noted the:
- Redesign and roll-out of core IT infrastructure;
- Implementation of new, next-generation firewalls with advanced anti-malware protection;
- Installation of a new remote-access solution;
Number of privileged accounts, and access rights to accounts, would be limited;
- Installation of a new mechanism for the protection of endpoints, servers, and networks;
- Improvement to their event-monitoring mechanisms;
- Expansion of their internal security department;
- Establishment of cooperation with multiple external cybersecurity & IT specialists.
In consideration of the breach of private employee data, CD Projekt indicated that they will do everything in their power to protect the privacy of their employees; and third parties. They further added that they are prepared and committed to take action against the individuals responsible for the breach.
Other recent notable cyber breaches
Electronic Arts (or EA) recently suffered a similar cyberattack on its services, which included the theft of source code to the original development kit for the Microsoft Xbox console, product keys for FIFA, as well as other EA-developed game frameworks (including a game engine called “Frostbite”). Fortunately, the hack on EA did not include the theft of any player data.
(Picture: Custom image)
Relatedly, cyber breaches of both CD Projekt and Electronic Arts do not appear to have affected any of their game services and did not include leaking of private player data. This is great news for us, as we’ll still be able to play their games without any worry.
Do you want more esports or video game industry news and updates? Well, you’re in luck because we have an entire section on the GINX website, which is available right here.