CNA – Gaming firm Razer was awarded USD6.5 million (SGD8.7 million) in damages by the High Court yesterday after winning a lawsuit against IT vendor Capgemini over a data leak.
The data leak in 2020 involved personal information, as well as order and shipping details, of about 100,000 Razer customers.
It made headlines after security consultant Bob Diachenko discovered the breach and posted a LinkedIn article about it on September 10, 2020.
Razer sued Capgemini in the same year over the breach, claiming at least USD7 million (SGD9.85 million) in losses.
Razer, co-founded by Singaporean Tan Min-Liang, has headquarters in both Singapore and California.
The damages awarded to the company comprised USD6.1 million in loss of profits from Razer’s e-commerce platform.
It also included about USD320,400 for engaging a law firm, USD60,000 for paying an information technology forensic expert to investigate the matter, as well as USD2,000 to Diachenko for discovering the leak.
The company was not awarded SGD50,000 for loss of profits arising from a rejection of a digital bank licence application, and another SGD50,000 in time and expenses by the management and staff.
The issue began in June 2020 when a Capgemini employee, Argel Cabalag, was tasked with helping Razer with a login problem on an internal IT system.
Razer’s case was that Cabalag added a “#” command to a configuration file which controlled security and access to an application. The misconfiguration then disabled the security settings of the application.
Capgemini, a French multinational company, initially said in its defence that Cabalag was not responsible for the misconfiguration.
It argued that the presence of new IP addresses set up by Razer could have been the cause of the misconfiguration of the security settings.
However, on the sixth day of the trial, Cabalag admitted that he had been the one who caused the misconfiguration.
