CD Projekt said its backup systems remain untouched and doesn’t believe the compromised systems contained any personal data of its users of its services and players.
CD Projekt (WSE: CDR), a Polish game developer, publisher and distributor has announced that it has been hit with a “targeted cyber attack.” In a tweet on Twitter announcing the hack, the CD Projekt account stated that the cyber attack compromised some of its internal systems including the source code to its sci-fi Cyberpunk 2077 game.
The Polish game studio stated that the hackers behind the cyber attack gained access to its internal network and to the secured source codes to Cyberpunk 2077, Wither 3, card game Gwent and an unreleased version of Witcher 3.
“An unidentified actor gained unauthorized access to our internal network, collected certain data belonging to CD PROJEKT capital group, and left a ransom note,” the Polish company said on Twitter on February 8, adding that the hackers left a ransom note threatening to release the source codes of its games.
In a series of subsequent tweets, CD Projekt stated that they have no intentions of negotiating with the hackers. “We will not give in to the demands nor negotiate with the actor, being aware that this may eventually lead to the release of the compromised data,” CD Projekt said in a tweet.
In another tweet made by the company’s account, CD Projekt revealed the ransom note they received from the hackers which read:
“If we will not come to an agreement, then your source codes will be sold or leaked online and your documents will be sent to our contacts in gaming journalism.”
The Polish company has said that they are taking the necessary steps and precautions to mitigate the consequences of such a release, and will start by approaching any parties that may be affected due to the breach.
Shares of CD Projekt have since sunk by 4.5% after news broke of the cyber attack and are down over 30% since Cyberpunk 2077 was released on December 10, 2020.
CD Projekt said its backup systems remain untouched and doesn’t believe the compromised systems contained any personal data of its users of its services and players. The company also announced that it is investigating the attack and has contacted law enforcement, the president of Poland’s Personal Data Protection Office, Jan Nowak, and IT forensics investigators.
CD Projekt has endured a very tough few months after the company was swamped with complaints from the gaming industry after the release of its sci-fi game, Cyberpunk 2077. Gamers complained about the numerous bugs in the game as well as it’s poor performance on older consoles. Cyberpunk’s title was subsequently pulled by Sony from its digital PlayStation Store over the criticisms and have not yet released a return date for it.
Vladimir Bespalov, an analyst with VTB Capital after the news of the attack stated that the most immediate negative effect would be the need to allocate resources to repair the damage but argued that it might slow down or derail the progress that the company has made in its effort to fix Cyberpunk 2077.