Cyber Incident Victim: Koei Tecmo Europe Limited
Date:
Dec 2020
Location:
United Kingdom
Summary
A cyberattack targeting Koei Tecmo Europe Limited's website potentially compromised approximately 65,000 user records from its Forum page, exposing optional account names, encrypted passwords, and email addresses. No credit card information was involved, and no other company systems were confirmed breached. While the perpetrator remained unidentified, investigators assessed ransomware involvement as unlikely and noted no extortion demands. The subsidiary's website was temporarily shut down, its internal network isolated, and mandatory breach notifications were filed with GDPR authorities and UK law enforcement due to the risk of personal data exposure.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 8 motives | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
On December 22, 2020, Koei Tecmo Holdings Co., Ltd. disclosed that its UK subsidiary Koei Tecmo Europe Limited (KTE) had potentially suffered a data breach involving user information collected through its website. The investigation centered on unauthorized access to KTE's "Forum" page, which contained approximately 65,000 registered user entries. Compromised data included optional account names, encrypted passwords, and registered email addresses, though no credit card information was stored on the affected platform. Initial analysis confirmed the breach was isolated to the Forum, with no evidence of intrusion into other sections of KTE's website or parent company systems. Koei Tecmo emphasized that while data exposure occurred, no ransomware deployment or extortion demands had been identified at this stage.
Koei Tecmo immediately disabled KTE's website following the discovery and severed the subsidiary's connection to its internal network to prevent lateral movement. The company notified European Union authorities under GDPR obligations due to the risk of personal information exposure affecting EU residents. Concurrently, KTE filed a criminal damage report with UK law enforcement agencies to initiate a formal investigation. Forensic efforts continued to determine the attack vector and identify potential threat actors, though no attribution had been established by the disclosure date. The incident remained under active investigation with no additional compromised systems or data categories identified beyond the initial Forum breach assessment.