CD Projekt Red have revealed that an unknown attacker has hacked the company’s internal network and threatening to leak sensitive data including business documents and source code for various games. CDPR have released an official statement on the matter, as well as revealing the hacker’s ransom note.

Specifically, the hacker mentions that they have stolen the source codes for Cyberpunk 2077, The Witcher 3, Gwent, as well as an unreleased version of The Witcher 3, from a perforce server. In addition, the business documents mentioned above include accounting, administration, legal, HR, investor relations, and more related documents not specified by the attacker.

“Yesterday we discovered that we have become a victim of a targeted cyber attack,” CD Projekt Red said in an official statement. “Due to which some of our internal systems have been compromised.”

“An unidentified actor gained unauthorized access to our internal network, collected certain data belonging to CD PROJEKT capital group, and left a ransom note the content of which we release to the public.”

Luckily, it seems that CDPR’s backup files remain intact, and so the studio will be able to recover all the necessary documents that have been encrypted by the hacker: “although some devices in our network have been encrypted, our backups remain intact. We have already secured our IT infrastructure and begun restoring the data.”

As they have done with previous hacks to the studio, CD Projekt Red will not be giving into the demands or even negotiate with the hacker. However, they are aware that this may result in some of their compromised data being leaked online, of which they are trying to mitigate as much of the consequences as possible, “in particular by approaching any parties that may be affected due to the breach.”

Apparently none of the data that has been compromised included any personal information from their players or users of their service. CDPR have approached the relevant authorities including law enforcement as well as the President of the Personal Data Protection Office, and IT forensic specialists. The incident is still under investigation.