CD Projekt Red followed up today with new information regarding a security breach that targeted the company in February.
It appears that the leak was worse than originally thought. The company behind Cyberpunk 2077 released the following statement via their Twitter account:
We would like to share with you a follow-up on the February security breach which targeted the CD Projekt Group. Today, we have learned new information regarding the breach, and now have reason to believe that internal data illegally obtained during the attack is currently being circulated on the Internet.
We are not able to confirm the exact contents of the data in question, though we believe it may include current/former employee and contractor details in addition to data related to our games. Furthermore, we cannot confirm whether or not the data involved may have been manipulated or tampered with following the breach.
Currently, we are working together with an extensive network of appropriate services, experts, and law enforcement agencies, including the General Police Headquarters of Poland. We have also contacted Interpol and Europol. The information we shared in February with the President of the Personal Data Protection Office (PUODO) has also been updated.
We would also like to state that regardless of the authenticity of the data being circulated we will do everything in our power to protect the privacy of our employees, as well as all other involved parties. We are committed and prepared to take action against parties sharing the stolen data.
We’ll let you know if we learn new information.