Cyber Incident Victim: Arc System Works
Date:
May 2025
Location:
Japan
Summary
Arc System Works disclosed that a third party illegally accessed its systems and that data held by the company was leaked to outside parties. The company stated that, as of the latest update, it had not confirmed that any user personal information or player account information had been exposed, and it was working with external experts to determine the cause and scope of the incident. It apologized for the inconvenience and concern caused and advised users not to access the allegedly leaked data due to the risk of malware infection.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 2 motives | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
On May 1, 2025, Arc System Works issued an official statement revealing that it had discovered an illegal intrusion into its systems by a third party. The statement explained that data held by the company had been leaked to outside parties as a result of the unauthorized access. Arc System Works, which was founded on May 12, 1988 and is headquartered in Yokohama, noted that it had not yet confirmed, as of May 12, that any personal information of users or player account details had been exfiltrated. The company said it was collaborating with external experts to determine the cause of the breach and the full scope of the impact. It pledged to provide updates should new facts emerge during the investigation.

The statement also included an apology to all affected parties for the inconvenience and concern caused by the incident. Arc System Works emphasized that it was taking the matter seriously and was working diligently with outside specialists to uncover how the intrusion occurred and what data had been compromised. The company indicated that it would continue to monitor the situation and would inform the public promptly if any additional information became available. No specific technical details about the attack vector or the compromised systems were disclosed in the public notice.
In addition, Arc System Works warned recipients not to attempt to access any data that was alleged to have been leaked, stating that doing so could pose a risk of malware infection. The warning was included to prevent further harm that might arise from interacting with the potentially malicious material. The company concluded its notice by reiterating its sincere regret for the incident and its commitment to resolving the matter.
