The company experienced “unauthorised access by third party to the internal systems of several Group companies in Asian regions (excluding Japan),” it confirmed in a statement.

This is the first time Bandai Namco has mentioned the hack publicly, two days after stories spread rapidly around various news sources.

“After we confirmed the unauthorised access,” the statement continued, “we have taken measures such as blocking access to the servers to prevent the damage from spreading. In addition, there is a possibility that customer information related to the Toys and Hobby Business in Asian regions (excluding Japan) was included in the servers and PCs, and we are currently identifying the status about existence of leakage, scope of the damage, and investigating the cause.”

Bandai Namco operations are split between South-East Asian territories and Japan itself, hence the specific clarification in the statement. That likely means anyone reading this statement in English has not been affected, though the company is not being completely transparent for obvious reasons.

“We will continue to investigate the cause of this incident and will disclose the investigation results as appropriate. We will also work with external organisations to strengthen security throughout the Group and take measures to prevent recurrence.”

The statement ended with an apology.

Given this information, it seems unlikely that interesting data for the general public – game plans, development documents, and so on – would be included, at least not for the publisher as a whole – you’d expect that to be at their home office in Japan. That said, release timelines for the Asia region, for example, could give a lot of information on their future slate. Other data that is very valuable even if you and I aren’t that interested in seeing it, like customer and employee information, is more likely to have been the main target.

Earelier, there were reports that Bandai Namco, publishers of Elden Ring, the Dark Souls series, various anime properties such as Dragonball and One Piece, Tekken, and many others, had been attacked by a ransomware group. The group, which goes alternately by Alphv, Alpha, or Black Cat, has claimed to have acquired a batch of data from Bandai Namco, alongside batches from aerospace company HydraElectric and the Royal Commission for Riyadh City, a company that focuses on the urban development of Saudi Arabia.

As you can imagine, if it doesn’t pay up, we may soon know an awful lot more about its operations. Of course, the security team there might equally decide Alphv doesn’t have anything worth paying for, or that they can get information back without paying. Anything’s possible.

More Coverage

How to tackle areas and bosses in Elden Ring

Kirk McKeand

Elden Ring patch 1.05 brings big changes

Ben Barrett

Gaming companies have been hit by these attacks a lot more in recent years. Two key factors are the move to work from home during the pandemic and the overall increase in general understanding surrounding the amount of money gaming companies have. Both make them prime targets for malicious actors. As Kotaku reports, Capcom, CD Projekt, Electronic Arts, and many others have been hit.

While it’s tempting to be excited for game leaks and information from inside one of the industry’s largest publishers, other data that can and has been released in these hacks includes personal information of employees. This can be exceptionally dangerous and at the least a massive nuisance for folks involved, who very likely weren’t the ones who made the mistakes leading to the hack.

Written by GLHF.