Notice regarding breach of data on the KOEI TECMO EUROPE website (Update)
On 8th January 2021, KOEI TECMO EUROPE LIMITED (KTE) reported a data breach related to a website operated by the company for its European users. There is a possibility that some of the data collected from users has been leaked onto the Internet.
As the investigation has been concluded and necessary actions have been taken, it is now possible to report the following.
The website operated by KTE includes a "Forum" section which contains data from registered users. It has been determined that approximately 65,000 entries were accessed. Specifically, there is a high probability that account names (user-generated), passwords (encrypted), and registered email addresses were accessed by means of hacking.
However, it has been confirmed that no payment card data or similar details were stored in the website's "Forum" section. In addition, no breach of data outside of the "Forum" section of the website has been found.
The incident has been reported to the police, however at this time it has not been possible to identify the perpetrator. Regarding the method used, it has been determined that the possibility that ransomware was used is extremely low. In addition, there have so far been no demands or threats towards KTE or its parent company KOEI TECMO HOLDINGS CO., LTD. (KT).
3.Measures being taken
(1) Regarding the approximately 65,000 registered email addresses, their owners have been contacted directly with an apology and an explanation of the situation. At the time of writing no unusual or notable comments or enquires have yet been received.
(2) The KTE website was taken offline temporarily, and a provisional replacement site was created, which is now open for public access. However, the "Forum" section remains closed. A date for its reopening has not yet been set.
(3) As email addresses are confirmed to have been leaked, a report was filed with the Information Commissioner's Office in the UK regarding a breach of personal information, in accordance with the EU General Data Protection Regulation (GDPR). The Information Commissioner's Office ultimately decided that it was not necessary to take any punitive measures against KTE in relation to this data breach. This was likely due to the responsive actions taken by KTE and KT being evaluated favourably.
KTE apologises for any concern or inconvenience this may have caused to its customers and business partners.
This incident will not have any negative impact on game development or other business endeavours. Moreover, the impact on the business performance of KT and the KT Group for the period of March 2021 is expected to be very minimal.
KTE will work to prevent similar issues from occurring in the future, and further strengthen its security system while simultaneously taking strict actions against illegal acts such as unauthorised access.