The ransomware attack suffered in February by CD Projekt Red — developers of The Witcher and Cyberpunk 2077 — seems to be more severe than initially thought. In addition to stolen source code for several of their recent games, CDPR is now also stating that sensitive employee data may also have been compromised.
CD Projekt Red disclosed that it had become victim to a ransomware attack earlier this year, compromising its servers and leaving a ransom note.
While they were quickly able to restore their backups, data stolen included the source code to Cyberpunk 2077, The Witcher 3, an unreleased version of The Witcher 3 featuring ray-traced graphics, and Gwent, the last of which was released by the hackers shortly after CDPR announced their unwillingness to negotiate.
A few days later, it was claimed that the stolen assets had been sold off, and — barring embarrassing gag reels of pre-release Cyberpunk bugs that call Projekt Red’s QA into question — it seemed like that was that. But now the entirety of the stolen game data has apparently resurfaced (despite the supposed “no further distribution” conditions on its sale!), along with console SDKs, and CDPR’s latest announcement has them both acknowledging this and admitting that sensitive data on employees and contractors was also stolen.
This, along with footage of a pre-alpha version of Cyberpunk that leaked last week, is hardly good news for the company, which states that it is working with law enforcement agencies including Europol and Interpol to track down the hackers. They’re also keen to emphasize that it cannot confirm whether or not any leaked data has been tampered with.