This morning, CD Projekt Red revealed they’ve fallen victim to a cyber attack. Yesterday, they discovered an unknown hacker had gained “unauthorised access to [their] internal network”, leaving a ransom note claiming they’d nabbed full copies of the source codes for Cyberpunk 2077, The Witcher 3 and Gwent, as well as internal legal documents. At this time, CDPR don’t believe any personal player data has been taken. They’re still investigating the incident.
“An unidentified actor gained unauthorised access to our internal network, collected certain data belonging to CD Projekt capital group, and left a ransom note the content of which we release to the public,” CDPR posted this morning. “Although some devices in our network have been encrypted, our backups remain intact. We have already secured our IT infrastructure and begun restoring the data.”
The ransom note claims the hackers have “dumped full copies of the source codes from the Perforce server for Cyberpunk 2077, Witcher 3, Gwent and the unreleased version of Witcher 3”. They add that they’ve “dumped all documents relating to accounting, legal, HR, investor relations and more”, and threaten to sell or leak all of this online.
“We will not give into the demands nor negotiate with the actor, being aware that this may eventually lead to the release of the compromised data,” CDPR’s statement continues. “We are still investigating the incident, however at this time we can confirm that – to our best knowledge – the compromised systems do not contain any personal data of our players or users of our services.”
The company adds that they’ve already been in touch with law enforcement, the Personal Data Protection Office and IT forensic specialists, and investigations into the hack are ongoing.
Multiple game developers were hit by similar cyber attacks late last year. In November, hackers reportedly leaked the source code for Watch Dogs: Legion. Later that same month, details about Resident Evil Village was leaked online, following a ransomware attack on Capcom.