- Kyle Chua
Razer Sues IT Partner Over Breach That Exposed Customers’ Addresses and Private Data
Gaming hardware manufacturer Razer is taking its IT solutions provider to court over a cybersecurity breach that exposed customers’ private data.
Proceedings in the civil suit between the two companies began in Singapore’s High Court yesterday, 13 July, as Channel News Asia reports.
The complaint stems from an incident between the months of June to September of 2020 when a security researcher revealed that the personal information of over 100,000 Razer customers have been compromised. Razer, which has offices in Singapore and in California, previously disclosed that the breach may have exposed customers' order and shipping information, not passwords or credit card details.
Razer alleges that the breach was caused by a security misconfiguration in its internal IT system, which an independent expert claims was likely the fault of a Capgemini employee by the name of Mr Argel Cabalag. The employee in question was reportedly the only one troubleshooting the issue during a specific window when the incident occurred, which he later said had been resolved. Razer’s post-incident reports, however, found that the breach occurred because of actions taken during that window. Mr Cabalag was said to be the only one who had access and could make changes to Razer’s servers at that time.
The gaming company further claims it implemented a new data engine, ELK Stack, in its IT system upon the recommendation of Capgemini. It then contracted Capgemini personnel to serve as go-to experts on the system in its offices.
Due to the breach, Razer is now arguing that Capgemini failed to uphold its contractual obligations, which involved ensuring the IT systems were secure and that personnel deployed had the skill, qualifications and experience to perform the tasks required.
Razer said the publicity that surrounded the breach resulted in a “wide array of losses” which it expects Capgemini to pay in full. It also wants Capgemini to fully cover whatever damages, losses and expenses incurred and that Razer may incur as a result of the breach.
Razer is expecting to receive at least US$7 million (S$9.85 million) from the suit. There are also other losses which Razer is claiming that are being assessed including an estimated US$6.85 million in loss of profits from its online website and over S$50,000 for management and employees’ time and expenses, among others.
The trial, which is presided over by Justice Lee Seiu Kin, is scheduled to continue for the rest of the week.
Razer is taking Capgemini to court over a cybersecurity breach that exposed its customer’s private data.
The gaming hardware manufacturer alleges that the breach was caused by a security misconfiguration in its internal IT system, which was likely the fault of a Capgemini employee.
Razer is expecting to receive at least US$7 million from the civil suit.
Proceedings began in Singapore's High Court on 13 July, with it scheduled to continue for the rest of the week.