In a nutshell: Fate seems to have it out for CD Projekt Red. After Cyberpunk 2077’s very rocky launch, the studio discovered a serious mod vulnerability. Just days later, it was hit by a ransomware attack. Now, it cannot get out fixes of any kind because employees can’t access their tools through the studio’s VPN due to the attack.
On Wednesday, CD Projekt Red announced it needs more time to finish the Cyberpunk 1.2 patch. Version 1.2 is the second of two major updates that CDPR outlined in its plan to fix all that went wrong with its dystopian opus. The patch was due out this month, but the team said it needs until the second half of March to complete the work, citing a recent cyber attack as the cause.
Our goal for Patch 1.2 goes beyond any of our previous updates. We’ve been working on numerous overall quality improvements and fixes, and we still have work to do to make sure that’s what you get. With that in mind, we’re now aiming for release in the second half of March. 2/3
— Cyberpunk 2077 (@CyberpunkGame) February 24, 2021
Earlier this month, hackers hit CDPR with a ransomware attack and made off with source code for The Witcher 3, Cyberpunk 2077, and Gwent. The studio decided it would not be negotiating with the pirates, who subsequently sold that data. However, that did not end CDPR’s woes over the incident.
On Thursday, employees with the Warsaw-based developer told Bloomberg that most of them work from home and cannot access their workstations through the company’s VPN due to CDPR isolating the network from the internet. The studio also asked its developers to ship their home computers to its IT department to be scanned for malware, causing further delay.
The employees, who requested to remain anonymous, said they are also dealing with potential identity theft situations. Along with the stolen source code, the insiders claim the hackers accessed the staff’s personal information, including Polish identification numbers and passport details. Management instructed personnel to freeze their accounts and notify relevant parties of the security breach.