Gaming firm Razer awarded US$6.5 million in damages over IT vendor data leak

SINGAPORE — Gaming firm Razer was awarded US$6.5 million (S$8.7 million) in damages by the High Court on Friday (Dec 9) after winning a lawsuit against IT vendor Capgemini over a data leak.

The data leak in 2020 involved personal information, as well as order and shipping details, of about 100,000 Razer customers.

It made headlines after security consultant Bob Diachenko discovered the breach and posted a LinkedIn article about it on Sep 10, 2020.

Razer sued Capgemini in the same year over the breach, claiming at least US$7 million (S$9.85 million) in losses.

Razer, co-founded by Singaporean Tan Min-Liang, has headquarters in both Singapore and California.

The damages awarded to the company included US$6.1 million in loss of profits from Razer's e-commerce platform, about US$320,400 for engaging a law firm, US$60,000 for paying an information technology forensic expert to investigate the matter, and US$2,000 to Mr Diachenko for discovering the leak.

The company was not awarded S$50,000 for loss of profits arising from a rejection of a digital bank licence application, and another S$50,000 in time and expenses by the management and staff.

The issue began in June 2020 when a Capgemini employee, Argel Cabalag, was tasked with helping Razer with a login problem on an internal IT system.

Razer's case was that Mr Cabalag added a “#” command to a configuration file that controlled security and access to an application. The misconfiguration then disabled the security settings of the application.

Capgemini, a French multinational company, initially said in its defence that Mr Cabalag was not responsible for the misconfiguration.

It argued that the presence of new IP addresses set up by Razer could have been the cause of the misconfiguration of the security settings.

However, on the sixth day of the trial, Mr Cabalag admitted that he had been the one who caused the misconfiguration.

In a written judgment on Friday, Justice Lee Seiu Kin found that Mr Cabalag’s assistance with the login problem fell within his job responsibilities set out in an agreement in April 2020.

The judge added that Capgemini had breached its contractual agreement with Razer. CNA

For more reports like this, visit cna.asia.