Razer sues IT vendor over data leak, says security breach caused RM31.09mil in losses

SINGAPORE: Home-grown gaming equipment company Razer has sued an IT vendor for allegedly causing a widely documented cybersecurity breach within 2020 that resulted in a leak of its consumer and sales data.

In a case that opened in the High Court upon Wednesday (July 13), Razer said the breach caused the organization to suffer a minimum of US$7mil (RM31. 09mil or S$9. 84mil) in losses.

ALSO GO THROUGH: Singapore positioned No . 6 internationally for having most number of exposed databases

It includes a substantial loss of profits, expenses incurred in looking into and responding to the particular incident and expenses incurred by related and dealing with regulators.

Razer will be seeking to recover the particular losses from Capgemini, alleging that one from the defendant’s employees was your culprit who caused the security breach when he misconfigured and disabled the security settings of a computer machine.

FURTHERMORE READ: SG fashion brand fined S$24, 000 more than 2019 data breach involving over 5, 500 customers

Razer’s attorney, Wendell Wong associated with Drew and Napier, said in his opening statement that its expert ascertained the security misconfiguration happened during a 16-minute windowpane on June eighteen, 2020.

Wong added that specialists agreed that the misconfiguration was caused by someone that had accessed the configuration file of the server and disabled the line of code relating to the security settings.

Between 06 18, 2020 and Sept 10, 2020, data stored in the computer system was leaked out to the public, he or she said.

The Straits Periods reported then that breach was discovered simply by cybersecurity consultant Volodymyr Diachenko, who approximated that 100, 000 customers worldwide had their shipping info and order details leaked.

The customers’ credit card numbers and passwords were safe, Razer acquired said then.

On July thirteen, Wong said Capgemini “has refused and continues to refuse to consider an ounce associated with responsibility for the cybersecurity breach”.

In its defence, Capgemini said its employee failed to cause the misconfiguration and suggested that presence of new IP addresses set up simply by Razer could have been the main cause.

Capgemini furthermore alleged that Razer failed to mitigate the losses by not really taking steps after it became aware of the security breach within August 2020 through its support route.

In the lawsuit, which was filed within 2020, Razer stated it engaged Capgemini as its IT advisor in March 2019 to upgrade its digital commerce platform.

Capgemini later recommended that Razer install and make use of the ELK Stack system, comprising a search plus analytics engine, a data processing pipeline and a data visualisation application.

Razer said that on June 17 or June 18, 2020, Capgemini employee Argel Cabalag was tasked to undertake troubleshooting, as Razer staff could not sign in to the system.

Razer said Cabalag was the only one who seem to accessed the server during the 16-minute home window and was also the only person with access who else knew how to improve the configuration file.

When Razer’s management team learned about the cybersecurity infringement and activated Cabalag, he was able to solve the issue within a time, said Wong.

Razer denied it had failed to mitigate its losses plus said its management team became conscious of the breach upon Sept 9, 2020.

“Razer do its best to react to the cybersecurity breach as soon as the correct decision-makers in the company were made aware of exactly the same, ” said Wong.

The demo continues.