
Razer sues Capgemini over security breach by Pinoy consultant

Rogue Trader

Alfrescian (Inf)
Asset

Gaming firm Razer sues IT vendor for nearly S$10m in losses over leak of customers’ data​

Razer's Southeast Asia headquarters located in Singapore's One-north district.
  • In September 2020, Razer discovered a months-long leak that exposed its customers’ confidential data
  • The firm is now suing its IT solutions provider, Capgemini, for at least US$7 million in losses
  • The civil trial began in the High Court here on July 13
  • Razer alleged that the leak stemmed from a security misconfiguration done by Capgemini’s employee

BY LOUISA TANG
Published July 13, 2022
Updated July 13, 2022

SINGAPORE — Gaming hardware maker Razer has sued a vendor over a cybersecurity breach that led to confidential data of its customers and sales being leaked to the public.

The data leak, which took place over three months from June to September 2020, made headlines when a security researcher revealed that the personal information of about 100,000 Razer customers could have been exposed.

Razer is claiming at least US$7 million (S$9.85 million) in losses from the vendor, French multinational info-technology company Capgemini.

A civil trial over the case began on Wednesday (July 13) in the High Court.

Razer, which was co-founded by Singaporean Tan Min-Liang, previously told TODAY that no sensitive data such as credit card numbers or passwords were exposed. Order details, customer and shipping information could have been leaked, the company said then.


Razer is known for its high-end gaming gear such as laptops and keyboards. It has headquarters in both Singapore and California in the United States.

'PLAYED A GAME'

In their opening statement, Razer’s lawyers from Drew & Napier said that Capgemini “played a game of smoke and mirrors and engaged in a myriad of blame-shifting actions”, denying all legal liability for the breach.

Razer contends that one of Capgemini’s employees, Mr Argel Cabalag, had caused the cybersecurity breach when an issue cropped up in Razer’s internal IT system.

Capgemini had recommended the ELK Stack platform to Razer. It collects and processes large volumes of data from multiple sources, storing it in one centralised data store.

Razer’s lawyers said that the company had engaged Capgemini as a “trusted and valued partner” to provide IT solutions. On Capgemini’s recommendation, Razer then agreed to implement the ELK Stack in its IT system, with Capgemini helping the firm to set up and configure the system.

Razer also contracted Capgemini’s personnel to be deployed on-site in its offices and act as go-to experts on the subject matter.


Razer’s lawyers said that due to a security misconfiguration in the ELK Stack, Razer “can and should be able to expect Capgemini to do the right thing by Razer and to be forthcoming with Razer about what went wrong”.

On June 17 and 18 in 2020, Mr Cabalag investigated an issue with Razer’s ELK Stack. Razer’s employees could not log in and resolve the issue themselves.

Experts appointed by both companies agreed that the cybersecurity breach on June 18 was caused by a security misconfiguration — security settings for the ELK Stack being manually disabled — that same day.

The experts also disagreed with Capgemini’s defence that new internet provider (IP) addresses set up by Razer could have led to the breach.

Razer’s independent expert said it was most likely that Mr Cabalag caused the security misconfiguration, given the events that occurred.

For example, during a 16-minute window when the expert said the misconfiguration had occurred, Mr Cabalag was the only one troubleshooting the ELK Stack.

He was also the only one with the knowledge and expertise to access and make changes to a configuration file in Razer’s server, and had reported to the Razer team that everything was fine shortly after the 16-minute window.

Razer’s lawyers pointed out that in its post-incident reports, Capgemini had failed to mention that the breach occurred because of actions taken during that window.

When Razer’s management team found out about the breach on Sept 9 in 2020, Mr Cabalag resolved the issue within a day. However, he claimed that he did not cause the breach and Capgemini also claimed that it could not tell who did it.

“Razer understands that Capgemini wants to dig in and ditch Razer at this altar of liability due to reputational issues. However, Capgemini was engaged for the job and was paid in full for it.

“Capgemini should therefore do the right thing by its customer – stand up and take responsibility.”

Razer contended that Capgemini had breached its contractual obligations, such as ensuring that its IT systems were secure and making sure that its personnel — including Mr Cabalag — had the appropriate and adequate skill, qualifications and experience.

Razer also claimed that Capgemini was liable for the breach through its negligence, having owed Razer a duty of care as the subject-matter experts in the IT field.

LOSSES TO BE ASSESSED

The gaming firm is claiming the following in losses:

  • Around US$6.85 million in loss of profits from its online website
  • S$50,000 for management and employees’ time and expenses
  • US$60,6000 for engaging a forensic investigator
  • S$223,000 for hiring law firm Norton Rose Fulbright to advise and act for Razer in responding to regulators worldwide
  • US$2,000 in compensation to the security researcher who discovered the leak, under Razer’s bug bounty programme
  • An unquantified sum for loss of profits from its digital bank licence application being rejected

Razer said that the cybersecurity breach was widely reported in mainstream and online media, causing a “wide array of losses” of “upwards of US$7 million at the very least”.

The company also seeks a declaration that Capgemini pays full compensation for all damages, losses and expenses incurred and which Razer may incur as a result of the breach.

On Wednesday, Razer's chief of staff Patricia Liu took the witness stand as the first plaintiff witness. She was also the firm's data protection officer when the data leak happened.

The trial is set to continue for the rest of the week before Justice Lee Seiu Kin.

Razer’s legal team comprises Mr Wendell Wong, Mr Andrew Chua and Ms Olivia Tan from Drew & Napier, while Capgemini is represented by Senior Counsel Andre Yeap, Mr Lionel Tan and Ms Yap Pui Yee from Rajah & Tann.
 

Rogue Trader

Alfrescian (Inf)
Asset

Gaming firm Razer wins lawsuit against IT vendor over data leak, awarded $8.7m in damages​

Selina Lum
Senior Law Correspondent

SINGAPORE - Gaming hardware company Razer has won its lawsuit against an IT vendor over a data leak, and was awarded US$6.5 million (S$8.7 million) in damages by the High Court on Friday.

Shipping information and order details of thousands of customers worldwide were leaked in a cyber-security breach that was widely reported in September 2020.

The gaming firm, which is headquartered in Singapore and the United States, sued the vendor, Capgemini, in the same year over the breach. Capgemini is a multinational IT services company headquartered in France.

The damages awarded largely comprised US$6.1 million in loss of profits from Razer’s e-commerce platform. The amount awarded also included about US$60,000 that Razer paid for a forensic expert to investigate the incident, about US$320,000 to engage a law firm to deal with regulators, and a US$2,000 payment to cyber-security consultant Bob Diachenko, who discovered the breach.

Mr Diachenko had alerted Razer to the breach on Aug 19, 2020. In a post on networking site LinkedIn on Sept 10, 2020, he estimated the total number of affected customers to be around 100,000. On Sept 11, Razer said customers’ credit card numbers and passwords were safe.

The dispute between Razer and Capgemini arose over the misconfiguration of a server file, which led to the data leak.

Razer had engaged IT consultancy WhiteSky Labs in 2019 to upgrade its digital commerce platform. In June 2020, after acquiring WhiteSky, Capgemini took on its contractual obligations owed to Razer.

Capgemini had recommended that Razer install and use an IT solution called the ELK Stack, comprising Elasticsearch, a search and analytics engine; Logstash, a data processing pipeline; and Kibana, a data visualisation application.

On June 17 or 18, 2020, Capgemini employee Argel Cabalag was tasked to do troubleshooting, as Razer staff could not log in to the Kibana system.

Razer, represented by Mr Wendell Wong and Mr Andrew Chua of Drew & Napier, said Mr Cabalag was responsible for the disabling of the security settings of Kibana.

Razer said Mr Cabalag added a “#” command to a configuration file in the Elasticsearch server that controlled security and access to Kibana. This misconfiguration allowed unauthenticated access to the Kibana application.

After being told of the security breach on Sept 9, 2020, Mr Cabalag resolved the issue the next day by removing the “#” command.

Capgemini, represented by Senior Counsel Andre Yeap of Rajah & Tann, said its employee did not cause the misconfiguration and suggested that new IP addresses set up by Razer could have been the cause.

However, on the sixth day of the trial in July 2022, Mr Cabalag admitted that he had been the one who caused the misconfiguration.

Razer argued that Mr Cabalag caused the data leak as a Capgemini employee, and thus Capgemini had breached the consulting services agreement, as it did not exercise reasonable skill and care in carrying out its work.

Capgemini argued that the log-in problem did not fall under the scope of work included in the agreement between them, and that Razer was the one responsible for maintaining the ELK Stack.

In a written judgment on Friday, Justice Lee Seiu Kin found that Mr Cabalag’s assistance on the log-in problem fell within the scope of work set out in the April 2020 statement of work between the parties.

The judge found that Capgemini had breached its contractual obligations to Razer and had also been negligent in its response to Razer’s log-in problem.

As for the damages, Razer’s expert calculated that the loss of profits from Razer.com would likely stand at US$6.1 million.

Capgemini’s expert said the amount did not consider other factors that affected sales, the accuracy of forecast targets and whether lost online sales were mitigated by sales at physical stores. He noted that only 246 customers had sent e-mails about their concerns over the security incident.

Justice Lee said the evidence of 246 customer queries was sufficient to prove that the security incident had impacted the willingness of customers to purchase products from Razer.com.
 

gsbslut

Stupidman
Loyal
capgemini hire so many indians from yeendia
you must be stupid to use this company in the first place
 

borom

Alfrescian (Inf)
Asset
Pinoyland and CECAland are PAPpy's favorites for talents, new citizens and new PAP voters -how many locals have died during NS before they can go to university and even on graduation lose out to these talents and brothers of TSL?
 

mojito

Alfrescian
Loyal
What are the chances of getting breached exactly within that 15 min window? Very unlucky pinoy or maybe an inside job! :eek:
 

gsbslut

Stupidman
Loyal
If locals are so good in software, they could have got the job. But none emerged so far.
u talkcock lah
indians are well known to bring their whole village into workplace organisation lah
once you let a few in, they will start their own village inside the company
 

syed putra

Alfrescian
Loyal
u talkcock lah
indians are well known to bring their whole village into workplace organisation lah
once you let a few in, they will start their own village inside the company
Locals if they own the software company, can easily control who they employ.
But I have seen locals who own engineering companies, who avoid hiring locals.
 