SG – Singapore On Friday, 9 December, the High Court upheld Razer’s position in the data breach action it brought against Capgemini, an IT services provider.

According to The Straits Times, the court gave Razer a US$6.5 million (S$8.7 million) damage award.

In September 2020, order information and shipping data for thousands of clients worldwide were compromised. In the same year, Razer filed a lawsuit against Capgemini for the breach.

The event cost the firm, which has offices in Singapore and the United States, US$6.1 million in earnings from its e-commerce platform. In addition, US$60,000 was paid for the services of forensic investigators who looked into the breach, US$320,000 was paid to a law company to deal with regulators, and US$2,000 was paid to security consultant Bob Diachenko who found the vulnerability.

On August 19, 2020, Diachenko reportedly informed Razer about the hack. Razer declared on September 11 that customer credit card information and passwords were safe.

According to Razer, a configuration issue happened on June 18, 2020, for a 16-minute period when former Capgemini employee Argel Cabalag introduced a “#” command to a configuration file that managed application security, the Straits Times said. He was given the job of debugging since a Razer employee was having issues accessing an application.

Due to a setup issue, the program did not need user authentication. Cabalag acknowledged to have created the misconfiguration during the trial in July 2022.

Judge Lee Seiu Kin ruled in writing that Capgemini had broken its contract with Razer and had been careless in handling the company’s login problems.