Breach, Content, MSSP

Data Breach Lawsuit: Will IT Service Provider Capgemini Owe Damages?

Weakness of digital data security system illustration, broken lock symbol, dark circuit concept.

IT service provider and consulting firm Capgemini is facing a lawsuit related to a June 2020 data breach. The plaintiff -- gaming company Razer -- is seeking $7 million in damages. A trial in Singapore's High Court regarding the dispute is underway, according to Vulcan Post.

Razer claims it has suffered approximately $6.85 million in profit losses from its online website due to the data breach, Vulcan Post reported. Razer is pursuing damages for an unquantified sum for profit losses from the rejection of its digital bank license application.

In addition, Razer is seeking a declaration that Capgemini pay full compensation for damages, losses and expenses incurred and any that the company may incur going forward as a result of the breach.

100,000 Customers Impacted

The Razer data breach occurred due to an issue with an IT system, Vulcan Post said. It may have exposed the personal information of about 100,000 Razer customers.

Security researcher Volodymyr Diachenko in August 2020 discovered that the Razer data breach may have occurred due to a misconfigured Elasticsearch cluster, Ars Technica reported. The cluster contained records of Razer customer orders and information such as items purchased, customer email addresses and phone numbers. It also was exposed to the public and indexed by public search engines and took more than three weeks to fix.

Experts from Razer and Capgemini agreed that the data breach was caused by a security misconfiguration, Vulcan Post noted. However, Razer now claims that a Capgemini employee recommended the IT system that led to the breach and is responsible for the incident.

Capgemini Business Background

Capgemini specializes in consulting, technology services and digital transformation. It has a Top 250 MSSP business unit and delivers cybersecurity services to organizations in nearly 50 countries.

MSSP Alert has reached out to Capgemini for comment, but has not received one as of press time.

Dan Kobialka

Dan Kobialka is senior contributing editor, MSSP Alert and ChannelE2E. He covers IT security, IT service provider business strategies and partner programs. Dan holds a M.A. in Print and Multimedia Journalism from Emerson College and a B.A. in English from Bridgewater State University. In his free time, Dan enjoys jogging, traveling, playing sports, touring breweries and watching football.