The CD Projeckt Red hack data, including employee details, is now being circulated on the internet

CD Projeckt Red have announced that the data that was stolen from them in February is now being circulated across the internet. The company say the data may include “current/former employee and contractor details in addition to data related to our games.”

The company revealed the new information right in the middle of the Summer Games Fest, the timing of which is purely coincidental and they certainly weren’t trying to hide the news among all the game announcement. Absolutely not.


Here is the full statement.

This message is a follow-up on the February security breach which targeted the CD PROJEKT Group. Today, we have learned new information regarding the breach, and now have reason to believe that internal data illegally obtained during the attack is currently being circulated on the Internet.

We are not yet able to confirm the exact contents of the data in question, though we believe it may include current/former employee and contractor details in addition to data related to our games. Furthermore, we cannot confirm whether or not the data involved may have been manipulated or tampered with following the breach.

Currently, we are working together with an extensive network of appropriate services, experts, and law enforcement agencies, including the General Police Headquarters of Poland. We have also contacted Interpol and Europol. The information we shared in February with the President of the Personal Data Protection Office (PUODO) has also been updated.

Since the breach, we have taken multiple measures to secure and harden our internal systems to protect against breaches like this in the future. These measures include the following:

  • our core IT infrastructure has been redesigned and rolled out;
  • new next-generation firewalls with advanced anti-malware protection have been implemented;
  • a new remote-access solution has been employed;
  • the number of privileged accounts, and access rights to accounts, has been limited;
  • a new mechanism for the protection of endpoints, servers, and networks has been installed;
  • our event-monitoring mechanisms have been improved;
  • we have expanded our internal security department;
  • we have established cooperation with multiple external cybersecurity & IT specialists.

We would also like to state that — regardless of the authenticity of the data being circulated — we will do everything in our power to protect the privacy of our employees, as well as all other involved parties. We are committed and prepared to take action against parties sharing the data in question.

For more information regarding February incident and actions recommended for former employees or contractors, please visit

Source: CD Projeckt Red

Written by
News Editor, very inappropriate, probs fancies your dad.

Leave a Reply