2K Games dropped an email to users today with notice of a data breach that occurred on September 19th. Here’s the notice in its entirety.
We are contacting you to let you know that an unauthorized third party gained access to, and a copy of, a limited volume of your personal data held in 2K’s helpdesk system and made it available for sale. We want to emphasize at the outset that keeping personal data safe and secure is very important to us, and we deeply regret that this has happened.
On 19 September 2022, we learned that an unauthorized third party illegally accessed the credentials of one of our vendors to the help desk platform that 2K uses to provide support to our customers.
Following further investigation, we discovered that the unauthorized third party accessed and copied some of the personal data we record about you when you contact us for support: the name given when contacting us, email address, helpdesk identification number, gamertag and console details. There is no indication that any of your financial information or password(s) held on our systems were compromised.
We also found that the unauthorized party sent a communication to certain players containing a malicious link purporting to provide a software update from 2K. Instead, the link contained malware that had the potential to compromise data stored on your device, including passwords.
WHAT WE ARE DOING
Upon discovering the incident, we immediately launched a thorough forensic investigation with the assistance of leading outside cybersecurity experts and promptly took steps to address the issue. This included taking the support portal offline while we investigated further and contained the incident. We already contacted all those sent malicious links and have been reporting the incident to appropriate data protection authorities. We also remain in communication with the appropriate law enforcement agencies.
WHAT YOU CAN DO
While our support portal is now back online and you can now contact it as normal, we recommend that you look out for suspicious activity across your accounts and be vigilant for unauthorized third parties trying to leverage the incident to harm you. In particular:
- Look out for scammers. 2K personnel will never ask you for your password or other personal information.
- Never click suspicious links. For example, links to websites that you do not recognize or did not expect to receive.
- Enable multi-factor authentication (MFA) whenever available. If possible, avoid using MFA that relies on text message verification – using an authenticator app is a more secure method.
- Install and run a reputable anti-virus program. This can help protect your device and data.
We continue to appreciate the support and understanding from our player communities and deeply apologize for any inconvenience and disruption that this matter may have caused. For more information and FAQs, please visit https://2k.com/playerinfo or reach us by visiting this link on our support site and selecting “Email Notification October 6th” from the dropdown menu.
Paradox Interactive Announces Life by You, A Game Where You Create A Dream Life
Defeat Aliens on the go as Squad 51 vs. The Flying Saucers Launches on Nintendo Switch
Aksys Games Summons a Card Set for Winter’s Wish: Spirits of Edo