CD Projekt Red, the maker of The Witcher series, Cyberpunk 2077, and other popular games, said on Friday that proprietary data taken in a ransomware attack disclosed four months ago is likely circulating online.

“Today, we have learned new information regarding the breach and now have reason to believe that internal data illegally obtained during the attack is currently being circulated on the Internet,” company officials said in a statement.

“We are not yet able to confirm the exact contents of the data in question, though we believe it may include current/former employee and contractor details in addition to data related to our games.”.

A week later, the company maintained that the probability of employee personal data being disclosed was “low.” It went on to say that “after our investigation, we have not found any evidence that any personal data was actually transferred outside the company network” and that “due to the attackers’ course of action, we may never be able to say for certain if they actually copied any personal data.”.

It’s not clear why it took CD Projekt Red four months to determine that employee data has likely been affected.

Your California Privacy Rights | Do Not Sell My Personal Information