CD Projekt Employees Suspect Identity Theft
This morning, a former employee of CDP, Marcin Kosman, reported on Twitter that CD Projekt's employees are replacing their IDs for fear of identity theft after the recent attack. In response, the company informed our editors that at this point there is no evidence of personal data leak.
- Marcin Kosman, once associated with CD Projekt, claims that the company's employees are replacing their ID cards. He published the information on Twitter this morning;
- We asked CD Projekt for a comment on this matter;
- According to information gathered by the company, at this point there is no evidence of personal data leak.
The ransomware attack on CD Projekt is the hottest topic in the industry in recent days. The criminals acquired company data, as well as source code of its games. Yesterday we informed about the first consequence of the attack - the source code of the popular card game Gwent, and as well as Cyberpunk 2077, The Witcher 3 and Thronebreaker: The Witcher Tales are to be sold at an online auction. The hackers gave the company 48 hours to meet their demands following the attack. The Polish company, instead of going along with the criminals, decided to make the whole matter public.
New, disturbing information on the attack was provided this morning by Marcin Kosman from better. gaming agency, a former employee of CDP Sp. z o.o (CD Projekt's daughter company created in 2014). According to his sources, CD Projekt employees are replacing their ID cards after some began suspecting a case of identity theft may have taken place. According to Kosman, there was an attempt to take a loan using the personal data of one of the employees.
"My friends are reporting that after the leak of CD PROJEKT RED's data, the company's employees started replacing their IDs and verifying credentials at the Credit Office. One of them had a call from the bank, asking whether he really is the person trying to take a loan from them (no, he isn't)."
The leak is said to affect not only current employees of CD Projekt Group, but also former ones:
"It seems like the case includes, e.g. data of former employees of CDPR's associate company CDP.pl. This includes me. And I hear about this from third parties, and not the place that dropped the ball. What a lovely morning."
The company recently reported that, to the best of its knowledge, a leak of employees' personal data did not occur. We asked CD Projekt to verify the veracity of these reports. In response, the company maintains its position from the announcement published on February 9:
"At the moment we have no evidence that personal data has been accessed. However, we continue to recommend caution (e.g. enable alerts for fraud attempts)."
To sum up: we know that we know nothing. CD Projekt has not confirmed the information posted on Twitter, but the mere fact that at this point there is no evidence of a leak does not mean that it did not happen (although we all hope that there really was no leak). CD Projekt's ransomware attack case is developing at a rapid pace, so probably in the next few days we will know new details about the attack.
