Razer takes Capgemini to court over data breach, says Capgemini played game of 'smoke and mirrors'

share on

twitter /
facebook /
linkedin /
- email
- telegram
- whatsapp
- wechat
- pinterest
- line
- snapchat
- reddit

Technology company Razer is suing info-technology company Capgemini for at least US$7 million for a cybersecurity breach that occurred in 2020. The breach was caused by a security misconfiguration, and led to the leak of confidential data of Razer's customers and its sales. According to an article on Today, the data leak took place over three months. A civil trial for the case started on 13 July at Singapore's High Court and Razer's lawyers claimed that Capgemini was shifting blame by “playing a game of smoke and mirrors" which then led to "a myriad of blame-shifting actions”, said an article on today.

Razer’s lawyers said that the company had engaged Capgemini as a “trusted and valued partner” to provide IT solutions. Razer also alleged that one of Capgemini's employees played a key role in the breach, when an issue cropped up within Razer's internal IT system.

Capgemini had recommended the ELK Stack platform, a platform that collects and processes large amounts of data from varying sources in a centralised data storage, to Razer. According to the reports, the employee had investigated an issue with Razer's ELF Stack platform a day before the breach, after Razer's employees were unable to resolve an issue that cropped up by themselves.

Today's article also quoted experts appointed by both Razer and Capgemini saying that the ELF Stack was manually disabled on the day the employee had configured the platform had caused the breach. Meanwhile, Capgemini has defended that Razer's new internet provider addresses may have also caused the breach. However, experts hired by Razer disagreed. Razer's lawyers have also added that Capgemini had failed to mention that the breach occured in its post-incident reports. Razer's management team had only found about the breach three months later.

Both Razer and Capgemini are global brands that are trusted within their industries. Razer was started by Singaporean entrepreneur Min Liang, and its three headed snake logo has now become a well-regarded logo within the global gaming and esports communities. With a fan base that spans every continent, the company has built one of the largest gamer-focused ecosystem of hardware, software and services.

Meanwhile, Capgemini is a leading strategic partner to companies around the world. It leverages on technology to help its clients with business transformation and has done so for more than 50 years. We address the entire breadth of business needs, from strategy and design to managing operations, across fast-evolving fields of cloud, data artificial intelligence, connectivity, software, digital engineering, and platforms.

The issue around cyber-security is becoming a more sensitive one as consumer's become more concerned with the privacy aspect of their data. In Asia, many consumers have also fallen prey to many scam incidents, making them even more sensitive to their privacy. Breaches have however become more prevalent with the increased adoption of digitalisation, especially during the pandemic.

Earlier this year, customers of Harbour Plaza Hotel in Hong Kong were asked to be on guard for possible scams when its booking database saw an attack compromising the data of more than a million customers. Customers of the hotel were also asked to check for unauthorised transactions, unusual email logins and even told to change their passwords. In Singapore last year, StarHub and OrangeTee fell victim to data breaches as well. Personal information of more than 57,000 customers subscribed to StarHub before 2007 was discovered to have been uploaded illegally on a third-party data dump website, while OrangeTee’s holding company OT Group received an email from a third-party, claiming to have accessed its IT network.

In 2020, due to a slew of data breaches occurring, the Singapore government had proposed the issuance of a fine of up to 10% of a company’s annual turnover in Singapore, or SG$1 million (whichever is higher), should a company be found guilty of a data breach.

share on