Cyberpunk 2077developer CD Projekt Red announced that it had been targeted by a ransomware attack earlier today. While the company reassures fans that their user account data remains secure, the hackers claim to possess thesource code for several of its high-profile games.

CD Projekt Redso far refuses to negotiate with the hacker, who threatens to release the data online. Now, digital privacy expert Ray Walsh believes the hack may have been an inside job. He also warns that refusing to comply may be a hazardous move for CDPR.

RELATED:Ori Director Apologizes for Cyberpunk 2077, No Man’s Sky Comments

Walsh, who works with online privacy research group ProPrivacy, outlined his concerns in a statement shared with Nintendo Life. The hackers claim to have copies of the source code forCyberpunk 2077and an unreleased version ofThe Witcher 3. If true, this data would be enormously useful to online pirates. To quote Walsh, “If the game code is released online, this would permit cracked versions of their games to proliferate online for free, as a result of which the studio could find themselves hemorrhaging profit.” And the internet being the internet, there is virtually nothing CD Projekt Red can do to contain the data once released online.

Walsh suspects this could have been an inside job. After all, a CDPR developer would have easy access toCyberpunkandThe Witcher 3’ssource code. He further argues that CD Projekt staff would have a motive as well as opportunity. He cites the negative media reaction toCyberpunk 2077and CDPR’s reported blaming of developers as reasons someone might want to get back at the company. The allegedmismanagement and poor working conditions at CD Projekt Redalso explain why some developers might have an ax to grind.

Of course, while Walsh describes an inside job as “plausible,” he is careful to avoid jumping to conclusions. CDPR reported the breach to Poland’s Personal Data Protection Office, which is investigating the hack. It may be some time before the investigation bears fruit, and Walsh encourages everyone to be patient.

However, patience is not the same thing as complacency. Walsh stresses the importance of remaining vigilant for security risks. “Consumers will need to watch this incident closely to be sure that no personal data was affected that could be leveraged for phishing or ID fraud, for example.” That’s excellent advice considering therecent security concerns regarding mods forCyberpunk 2077.

And CD Project Red is not the only company to suffer a significant breach in recent months. In November, legendary gaming giantCapcom was the target of a major ransomware attack. In addition to information on upcoming games, the attackers stole several thousand Capcom employees’ personal data. These breaches are a sobering reminder of what every digital security expert already knows: no network is ever truly secure.

Cyberpunk 2077is available for PC, PS4, Stadia, and Xbox One, with planned PS5 and Xbox Series X/S upgrades.

MORE:What’s Next for Cyberpunk 2077 in 2021