Game Mania has been hit by a ransomware attack this week. The perpetrators managed to gain access to the personal data of customers. No passwords or payment details were stolen. The incident has been reported to the national supervisory authority in the Netherlands and Belgium.
Game Mania announced the ransomware attack through a press release on Wednesday.
Affected systems taken offline
According to the computer game seller, the attack took place at 3 a.m. on Monday, January 10. The perpetrators managed to infiltrate a server containing company information. Game Mania stored, among other things, the personal data of customers on the server. Then you have to think of first and last names, residential addresses, e-mail addresses and telephone numbers. The retailer emphasizes that no passwords or payment details were obtained in the data breach.
When the data breach came to light, Game Mania immediately took the affected systems offline. The company is doing everything it can with external security experts to investigate the situation and restart the systems as soon as possible. When that will be is still unclear. The security staff also look at the current infrastructure and existing security procedures of Game Mania. The attack does not affect the physical stores.
“Once the situation is restored, we will implement our partner’s recommendations and take appropriate measures to further optimize Game Mania’s cybersecurity,” the game vendor wrote in its press statement. The data breach has been reported to the regulator in both the Netherlands and Belgium. These are respectively the Dutch Data Protection Authority and the Data Protection Authority (GBA).
Game Mania warns against phishing
The General Data Protection Regulation (GDPR) stipulates that companies and organizations must report a cyber attack or data breach to the national supervisory authority within 72 hours. The earlier victims are aware of this, the sooner they can take measures to limit the damage, the idea is. Companies that report an attack or leak after three days can be fined. The Dutch travel agency Booking.com was fined 475,000 euros for this last year.
Game Mania warns against phishing through its press release. Cybercriminals try to steal as much personal information from unsuspecting victims as possible with fake messages and counterfeit Internet pages. With this data, they try to steal money from their victims, for example by logging into their bank account if they have stolen their login details. What we also regularly see is that criminals sell this data on the dark web.
Still a lot unknown
Many details about the ransomware attack are still unknown. For example, we don’t know who is responsible for the attack and what ransomware was used in the attack. It is also unclear whether the perpetrators demanded a ransom, and if so, how much. No information has been released on the number of victims.
Game Mania could not be reached by phone for comment on Wednesday afternoon. We submitted a number of questions to the company via the contact form. We will update this post as soon as we get a response.
Update (January 14, 2021): Game Mania informs us that the investigation is in full swing. As a result, the retailer can provide a few additional details at this time. For example, it is unclear who is behind the ransomware attack. When asked how many customers have been affected by the data breach, the company still owes us an answer. As a precaution, Game Mania has decided to notify all its customers, both by email and via its website.
Whether the attackers demanded a ransom or not, the game seller is somewhat vague. “It is not yet clear how much the perpetrators are asking in exchange for the data,” said Kris Lenaerts, the CEO of Game Mania. He makes no mistake about one thing: if the perpetrators demand a ransom for the data, the company will not comply with this demand.
Finally, Lenaerts emphasizes that he expects the impact for customers to be limited. “The data breach does not hinder our activities. Both our physical stores and webshop are operational. Our customers can use our services as usual.” The CEO says he is working with external security experts to resolve the situation as quickly as possible.
Catch up on more articles here
Follow us on Twitter here