The report comes from Cyber Daily, who also broke the news of last year’s confirmed hack attack on Insomniac Games. The site claims that new ransomware group Mogilevich are the culprits, as per the screencap of a darkweb posting above, and that the hackers are now trying to get Epic or another party to pay up for the return of the data, with a deadline of 4th March.
Epic, however, say that they’ve yet to see any proof that a ransomware attack has taken place. “We are investigating but there is currently zero evidence that these claims are legitimate,” a spokesperson told Eurogamer this morning.
That’s the ideal, but not always the case. Last time I read the PCI rules, merchants could (still) handle/store card details just as they could before the hands-off approach existed; it just required someone to attest that precautions were taken. I’m sure you can guess how foolproof that is.
PCI audits are no joke, and if you’re getting one done and you’re handling and storing credit card details yourself it will be found.