Global gaming giant Aristocrat has revealed it was the victim of a cyber attack earlier this year by which the personal information of staff was extracted and in some cases published.
In. a Friday statement, Aristocrat said the attack took place on 1 June 2023 with a hacker exploiting a vulnerability in the third-party file sharing software MOVEit used by the company.
Data extracted from a company server included, among other things, personal information belonging to Aristocrat employees, with Aristocrat confirming it is aware of reports that the criminals have now published extracts of the stolen data online.
In response, the company said it has notified the relevant authorities and worked with independent experts to determine what data was exfiltrated, as well as remedying the software vulnerability and advising all Aristocrat employees globally. They have been offered complimentary credit monitoring and identity theft protection services.
“Aristocrat has completed its risk assessment of any potential impact to its business arising from this incident,” the company said.
“Based on the information available as at this date, Aristocrat expects low business impact with the execution of an appropriate risk management and mitigation plan. We will continue to manage this incident proactively and comprehensively, in the best interests of our people, business and other stakeholders.”
It had previously been reported that Aristocrat was forced to terminate a trial of cashless gaming technology in NSW as a result of a cyber attack, however it is not the only gaming company to have suffered a similar event. In March, Australian casino operator Crown Resorts revealed it was investigating a potential data breach after a ransomware group claimed it was in possession of Crown files linked to its use of third-party file transfer service, GoAnywhere.