Razer Wins Lawsuit Against IT Firm Over Data Leak, Earns $6.5 Million in Damages

An update on the Razer cyber-security breach scandal.

Razer triumphs over a data leak lawsuit involving Capgemini multinational IT services.

After the conclusion of the court proceedings on Dec. 9, the High Court awarded US$6.5 million in damages to gaming hardware company Razer, who had sued an IT vendor over a data leak.

According to The Straits Times, $60,000 was paid for the services of forensic investigators who looked into the breach, $320,000 was paid to a law firm to deal with regulators, and $2,000 was paid to security consultant Bob Diachenko who found the breach.

Thousands of customers' shipping information and order details were exposed worldwide in a cyber-security breach that was widely publicized back in September 2020, according to a past report from Tech Times. Razer later on, filed a lawsuit against the vendor Capgemini for the breach the same year. Capgemini is an international IT service provider based in France.

Razer's Data Leak Suit Against Capgemini

The disagreement between Razer and Capgemini came from the server file's incorrect configuration, which resulted in the international data breach.

Razer engaged IT consultancy WhiteSky Labs in 2019 to upgrade its digital commerce platform. In June 2020, after acquiring WhiteSky, Capgemini took on its contractual obligations owed to Razer.

To get into the specifics of the data leak, Yahoo reports that on June 18, 2020, for a 16-minute period, Argel Cabalag, a former employee of Capgemini, made a mistake by adding a "#" command to a configuration file that controlled application security. He was given the job of troubleshooting because a Razer employee was having trouble accessing an application.

Due to a configuration error, the application allowed access without user authentication, thus causing a worldwide cyber-security breach. Cabalag admitted to having caused the misconfiguration during the trial in July 2022.

Security consultant Bob Diachenko reportedly informed Razer of the hack. On 11 September, Razer said customers' credit card numbers and passwords were not compromised. Additionally, Judge Lee Seiu Kin ruled in writing that Capgemini had broken its contract with Razer and had been careless in handling the company's login problems.

Capgemini had recommended that Razer install and use an IT solution known as the ELK Stack, comprising Elasticsearch, a search and analytics engine; Logstash, a data processing pipeline; and Kibana, a data visualization application.

The Severity of the Razer, Capgemini Data Breach

Aside from their gaming equipment, Razer is renowned for having a cloud login for practically everything connected to their hardware. The business provides Synapse, a unified setup program that allows users to manage all of their Razer equipment through a single interface.

According to ARS Technica, the cluster held records of customer orders and contained details such as the item purchased, customer email, customer (physical) address, phone number, and so forth-basically, everything you'd expect to see from a credit card transaction, but without the actual credit card numbers. The public could access the Elasticseach cluster, and public search engines included it in their index.

Andi C.
Tech Times
ⓒ 2024 TECHTIMES.com All rights reserved. Do not reproduce without permission.
Join the Discussion
Real Time Analytics