Cloud Imperium Games (CIG), the game company behind Star Citizen and Squadron 42, says attackers breached systems containing some users' personal information in January.

The California-based publisher and video game developer was founded in 2012 by game developer Chris Roberts (of Wing Commander fame), and it operates five game studios with a crew of over 700 employees.

In 2012, it announced the multiplayer space-simulation game Star Citizen. However, despite a Kickstarter campaign that raised over $2 million from backers, the game has still not exited its "early access" phase 14 years later.

This week, in a somewhat hidden notice published on its website, CIG revealed that it discovered a breach on January 21 in which attackers gained access to the basic account information of an undisclosed number of users.

"On 21 January 2026, CIG was targeted by a systematic and sophisticated attack, resulting in unauthorised access to some backup systems, including limited access to users' personal data," the game company said.

"While CIG is still monitoring the situation, we do not consider that the incident poses a risk to the safety of our users. The data impacted relates only to basic account details (i.e. metadata, contact details, username, date of birth, and name)."

CIG added that it has yet to find evidence that any of the accessed data was leaked online, and that the compromised systems didn't contain credentials or financial information.

"No financial or payment information was stored in the affected systems and was not accessible. No passwords were impacted, and the access was read-only. No data-injection or modification occurred," it noted.

"We are closely monitoring the situation and our systems to ensure that no further incidents occur. We are also taking steps to assess and detect whether any data that was accessed is released publicly. At this stage, there are no indications of any such activity."

While the game studio downplayed the incident, adding that it doesn't believe the "incident will have any impact" on its users, threat actors could use the exposed personal information in phishing attacks.

BleepingComputer reached out to Cloud Imperium Games to ask whether affected users had been notified and whether the attackers had made a ransom demand, but a response was not immediately available.