Australias leading gaming enterprise, Crown Resorts, has acknowledged that some of their internal records have been disseminated on the shadowy realm of the dark web.
The revelation of this data breach came to light following a cyber assault on GoAnyware, a widely used file transfer platform, on the 2nd of February. A malicious actor exploited a vulnerability in GoAnyware’s security infrastructure, enabling them to illicitly obtain information from numerous organizations, including Crown Resorts.
On the 27th of March, Crown Resorts received communication from a ransomware syndicate asserting possession of a substantial volume of their documents. Crown Resorts is presently conducting an inquiry into this assertion and has affirmed that no customer details have been compromised and that their business operations remain undisturbed. They are collaborating with law enforcement agencies and gaming regulatory authorities to thoroughly examine the circumstances surrounding this incident.
On the fifth of April, Crown Resorts verified that a small number of documents, including worker time and attendance records, as well as Crown Sydney membership identifiers, were released on the dark web. The organization stressed that customer personal data was not compromised in the data leak.
The published documents do not contain bank names, tax identification numbers, branch codes, or salary slip details. The company assured the public that membership identifiers are merely numerical and do not contain any identifying or personal details.
“We are actively reaching out to all impacted individuals and, as a preventative measure, are updating membership identifiers for those affected,” a representative stated. “Crown Resorts will continue to collaborate with law enforcement and regulatory authorities to address this cybercrime.”
Sign up for the iGaming newsletter.