Held as ransom with source codes and documents.
CD Projekt has issued a statement stating that it has been the victim of a “targeted cyber attack” that compromised some of its internal systems.
On Twitter, the company said an unidentified actor had breached its systems and collected data from CD Projekt and threatened to publish the content. According to CD Projekt, some of its devices were encrypted in the attack, but the company’s backups are preserved and are currently being restored.
Unusually, CD Projekt also released a copy of the ransom note sent by the unidentified actor. They claim to have had access to “the source codes of [CD Projekt’s] Perforce servers for Cyberpunk 2077, Witcher 3, Gwent and the unreleased version of Witcher 3 “. They also claim to have been given access to” all of ” [CD Projekt’s] Documents related to accounting, administration, legal, human resources, investor relations and more “although the exact nature of these documents is not detailed. The notice requires that CD Projekt contact the sender or oppose the publication of the source codes and documents.
Important update pic.twitter.com/PCEuhAJosR
– CD PROJEKT RED (@CDPROJEKTRED) February 9, 2021
CD Projekt has announced “neither to give in to the requirements nor to negotiate with the actor, as it is aware that this could ultimately lead to the publication of the compromised data”. It is currently in the process of contacting parties who may be affected by the breach, despite believing that players ‘and users’ personal information has not been compromised. They are currently working with law enforcement agencies, IT specialists and the President of the Office for Personal Data Protection to investigate the breach.