Data stolen during a ransomware attack against CD Projekt is now circulating online. CD Projekt, a Polish game developer, was hit by a ransomware attack in February that allowed attackers to steal source code and business information before encrypting the company’s data.
Today, CD Projekt said in an announcement that their data was being circulated and that it might include employee and contractor details. The company could not provide any more details on the matter, except to say that it believes that the data in question might pertain to current and former employees and contractors and its games.
“We are not yet able to confirm the exact contents of the data in question, though we believe it may include current/former employee and contractor details in addition to data related to our games. Furthermore, we cannot confirm whether the data involved may have been manipulated or tampered with following the breach,” said CD Projekt in a new security update.
CD Projekt is now working with law enforcement and other anti-crime agencies:
“Currently, we are working together with an extensive network of appropriate services, experts, and law enforcement agencies, including the General Police Headquarters of Poland. We have also contacted Interpol and Europol. The information we shared in February with the President of the Personal Data Protection Office (PUODO) has also been updated.”
The ransomware attack that breached CD Projekt’s network was carried out by HelloKitty, a group of hackers who managed to steal source code for Cyberpunk 2077 and The Witcher 3, the Polish studio’s flagship games. They also claim to have exfiltrated accounting, administration, investor, HR, and legal documents.
The HelloKitty ransomware gang reportedly sold CD Projekt’s data in February, and now it’s circulating online.
Another threat actor group, which goes by the name PayLoad Bin (previously Babuk Locker), has just published 364GB of data, which they claim is the complete code for CD Projekt’s games.