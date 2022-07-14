Home-grown gaming hardware company Razer has sued an IT vendor over a cyber-security breach in 2020 that resulted in a leak of its customer and sales data.

In a case that opened in the High Court yesterday, Razer said the breach caused the company to suffer at least US$7 million (S$9.8 million) in losses.

It includes a significant loss of profits, costs incurred in investigating and responding to the incident and costs incurred by corresponding and dealing with regulators.

Razer is seeking to recover the losses from Capgemini, alleging that an employee of the defendant was the culprit who caused the security breach when he misconfigured and disabled the security settings of a computer server.

Razer's lawyer, Mr Wendell Wong of Drew and Napier, said in his opening statement that its expert found that the misconfiguration occurred during a 16-minute window on June 18, 2020. Mr Wong added that the misconfiguration was caused by someone who had accessed the configuration file of a server and disabled the line of code relating to the security settings.

Between June 18, 2020 and Sept 10, 2020, data stored in the computer system was leaked to the public, he said.

The Straits Times reported then that the breach was discovered by cyber-security consultant Volodymyr Diachenko, who estimated that 100,000 customers worldwide had their shipping information and order details leaked.

In its defence, Capgemini said its employee did not cause the misconfiguration and suggested that new IP addresses set up by Razer could have been the cause.

Capgemini alleged that Razer failed to mitigate its losses by not taking steps after it became aware of the security breach in August 2020 through its support channel.

Razer said it engaged Capgemini as its IT consultant in March 2019 to upgrade its digital commerce platform; Capgemini later recommended that Razer use the ELK Stack system.

Razer said that on June 17 or June 18, 2020, Capgemini employee Argel Cabalag was tasked to do troubleshooting, as Razer staff could not log in to the system.

Razer said Mr Cabalag was the only one who accessed the server during the 16-minute window.

Razer denied that it had failed to mitigate its losses and said its management team became aware of the breach on Sept 9, 2020.

"Razer did its best to respond to the cyber-security breach as soon as the correct decision-makers in the company were made aware of the same," said Mr Wong.

The trial continues.