Cloud Imperium Games (CIG), the studio behind Star Citizen and Squadron 42, confirmed a data breach that exposed user account details back in January. The disclosure, quietly posted on CIG’s website, admits attackers accessed backup systems containing basic user info: names, contact details, usernames, and dates of birth.
The breach, discovered on January 21, 2026, did not affect passwords or payment data. CIG insists the compromised systems were read-only and that no credentials or financial information were accessible. “No financial or payment information was stored in the affected systems and was not accessible. No passwords were impacted, and the access was read-only. No data-injection or modification occurred.”
What gamers need to know
If you’ve backed or played Star Citizen, your core account data may have been exposed. While CIG claims there’s no evidence of data leaking online, exposed contact info and birthdates can be used in phishing or social engineering attacks. There’s no indication yet of ransom demands or public data dumps, but vigilance is key.
CIG says it’s monitoring the situation and hasn’t found signs of further compromise. The company also claims the incident poses no risk to user safety, but the lack of direct user notification and the low-key disclosure raise eyebrows. If you use the same email or contact details for other services, consider tightening your account security and watching for suspicious messages.
Why this matters
Data breaches are nothing new in gaming, but CIG’s slow, subtle disclosure stands out. With Star Citizen still in early access after more than a decade and millions in crowdfunding, trust is already a touchy subject. Even if no financial data was hit, basic account info is valuable for attackers.
For now, there’s no evidence of widespread fallout. But with phishing on the rise, even “just” losing your contact info can open doors for scammers. If you’re a CIG account holder, keep an eye on your inbox and consider enabling extra account protections.
The bottom line
- No passwords or payment info were exposed, but personal details were.
- Stay alert for phishing attempts if you have a CIG account.
- CIG’s communication on the breach was minimal-don’t expect a direct heads-up.