On 2 February, GoAnyware, a popular file transfer service operated by software developers Fortra, experienced a temporary service outage due to a “zero-day remote code injection exploit.” However, this incident led to malicious actors accessing and downloading information from various businesses, including Crown Resorts, Australia’s largest casino operator. Subsequently, on 27 March, Crown Resorts revealed that it had been contacted by a ransomware group claiming possession of certain Crown files. The company assured that no customer data had been compromised, but acknowledged an ongoing investigation to verify the claim. On 5 April, Crown confirmed that a small number of files, including employee time and attendance records and membership numbers from Crown Sydney, were released on the dark web. However, it reiterated that no personal information of customers was compromised in the breach.
Data Breach Details:
Crown Resorts confirmed that a limited number of files were released on the dark web following the cyberattack. The compromised files included employee time and attendance records, as well as membership numbers from Crown Sydney. Importantly, the company emphasized that no personal information of customers, such as bank names, tax IDs, BSB, or payslip information, was exposed. The membership numbers provided no identifying or personal information, serving as mere numerical references. Crown Resorts assured that customer data remained secure and that the breach did not impact its business operations.
Response and Investigation:
Crown Resorts promptly responded to the data breach incident by collaborating with law enforcement agencies and notifying gaming regulators. The company’s spokesperson confirmed ongoing investigations into the cybercrime. While no customer data was compromised, Crown Resorts proactively notified all affected individuals, updating membership numbers as a precautionary measure. By taking these steps, Crown Resorts aims to ensure transparency and maintain the trust of its customers.
Protection of Customer Data:
Crown Resorts reiterated its commitment to safeguarding customer data and privacy. The company stressed that the released files contained no personally identifiable information or sensitive financial data. Bank names, tax IDs, BSB, and payslip information were not included in the compromised files. Crown Resorts also clarified that membership numbers are purely numerical identifiers and do not expose any personal or identifiable details. The company’s proactive approach in promptly addressing the breach and minimizing potential risks highlights its dedication to customer security.
Collaboration with Authorities:
Crown Resorts has been working closely with law enforcement agencies and gaming regulators throughout the investigation into the cybercrime incident. By actively cooperating with these entities, the company aims to assist in identifying and apprehending the perpetrators. Such collaboration ensures a comprehensive response to the data breach, reinforces security measures, and mitigates future risks.
Customer Assurance and Updates:
To maintain open communication and reassure affected individuals, Crown Resorts has proactively notified all impacted parties. The company remains committed to providing regular updates on the progress of the investigation and any relevant developments. This transparent approach showcases Crown Resorts’ commitment to prioritizing customer trust and ensuring their peace of mind.
The data breach incident at Crown Resorts, resulting from the cyberattack on GoAnyware, has raised concerns about the security of sensitive information. However, Crown Resorts has taken swift action to address the situation, confirming that no customer data was compromised in the breach. By proactively notifying affected individuals and working closely with law enforcement and regulators, the company aims to minimize potential harm and enhance security measures. Crown Resorts’ commitment to safeguarding customer data and maintaining transparency reinforces its dedication to providing a secure and trustworthy gambling experience for its patrons.