UPDATED 20:14 EDT / JULY 14 2022


Japanese video game publisher Bandai Namco targeted in ransomware attack

Japanese video game publisher Bandai Namco Holdings Inc. has been targeted in a cyberattack that may have resulted in data theft.

The company, which publishes games such as “Pac-Man,” “Dragon Ball” and “Elden Ring,” is officially describing the attack as unauthorized access by a third party to internal systems of group companies in Asian regions excluding Japan. The company said that it had blocked access to servers to “prevent damage from spreading,” giving a hint of what form of cyberattack took place.

Typical data theft doesn’t result in “damage,” making the obvious candidate ransomware, which is what it appears to be. Bleeping Computer reported Wednesday that the BlackCat ransomware gang, also known as AlphV, claimed responsibility for the attack and said that it had also stolen corporate data.

AlphV/BlackCat was in the news in January when it took responsibility for a ransomware attack on Italian luxury fashion brand Moncler SpA. The gang was also in the news earlier this week when it started to offer the ability to search stolen data in an effort to have victims pay ransom demands.

Bandai Namco said that data stolen in the attack may have included customer information related to the Toys and Hobby Business in Asian regions. The company did not specify the range of personally identifiable information that may have been accessed.

The theft of the data through group companies versus Bandai Namco directly was noted by security experts. Demi Ben-Ari, chief technology officer and head of security for security risk management provider Panorays Ltd., told SiliconANGLE that the fact that the company’s confirmation that systems were accessed through one of its third-party entities paints a clear example that there must be better management of these types of entities with regard to security.

“Just as if they were a ‘regular third party,’ these entities must be assessed with the same cyber risk framework as the parent organization,” Ben-Air explained. “Basic steps can be taken such as improving overall cyber hygiene across the organization, as well as continuous monitoring and engagement with these types of third parties.”

Lisa Plaggemeier, interim executive director of the National Cybersecurity Alliance, warned that if attackers were able to access any user data stored on Bandai Namco’s systems related to online multiplayer games it publishes, such as “Genshin Impact” and “Elden Ring,” that could create a whole new set of threats for gamers. “Any sensitive info gleaned can likely be further used for phishing and social engineering attacks against users in the guise of publisher or as online gaming service provider personnel,” she said.

Image: Bandai Namco Studios Vancouver

A message from John Furrier, co-founder of SiliconANGLE:

Show your support for our mission by joining our Cube Club and Cube Event Community of experts. Join the community that includes Amazon Web Services and Amazon.com CEO Andy Jassy, Dell Technologies founder and CEO Michael Dell, Intel CEO Pat Gelsinger and many more luminaries and experts.

Join Our Community 

Click here to join the free and open Startup Showcase event.

“TheCUBE is part of re:Invent, you know, you guys really are a part of the event and we really appreciate your coming here and I know people appreciate the content you create as well” – Andy Jassy

We really want to hear from you, and we’re looking forward to seeing you at the event and in theCUBE Club.

Click here to join the free and open Startup Showcase event.