Yesterday, Crown Resorts reported to investors that a few documents pertaining to the organization had been inappropriately obtained via a ransomware attack on a third-party file transfer service provider, GoAnywhere, which the casino group utilizes.
Crown Resorts, the largest casino operator in Australia, was recently embroiled in a sweeping cyberattack. The firm mentioned that some employee data was affected in the ransomware event. (Photo: Crown Resorts)
GoAnywhere provides companies such as Crown with supposedly secure online file transfer services. Through the GoAnywhere platform, Crown employees send sensitive documents in and out of the company over the internet. GoAnywhere offers a managed file transfer (MFT) service aimed at enhancing the security of the movement of communications.
We were recently contacted by a ransomware group saying they had gained access to a limited number of Crown files through GoAnywhere. Now we can verify that a small number of files have been released on the dark web, including employee time and attendance records and some membership numbers from Crown Sydney,” the Crown investor announcement explained.
This data breach is a further blow to the controversial Australian gaming operator, which is currently under the scrutiny of state-appointed monitors in the three Aussie states where the company has casinos.
Clients Unaffected
The Crown Resorts shareholder announcement stated that the firm has not detected any theft of client information due to the GoAnywhere ransomware attack.
“We can confirm that no personal information of customers has been compromised as part of this breach,” the Crown representative added.
Crown officials said they are in the process of contacting impacted employees and will be issuing those workers new company identification numbers “out of an abundance of caution.” Crown is continuing to collaborate with law enforcement and state gaming regulators to address the cybercrime.
“Gold Tahoe” is thought to be the cybercriminal group behind the GoAnywhere assault. Gold Tahoe utilized Clop ransomware to extort information from the GoAnywhere platform. The hackers then encrypted the files and made threats to the companies taken over, with bitcoin as the favored ransom payment.
Crown is among a list of well-known companies and corporations impacted by the GoAnywhere incident. Other major companies compromised include Proctor & Gamble, Saks Fifth Avenue, Hatch Bank, Hitachi Energy, and the City of Toronto.
Gold Tahoe, according to cyber security specialists, managed to exploit a GoAnywhere vulnerability known as CVE-2023-0669. For more details on CVE-2023-0669, please click here to review the National Vulnerability Database, which is maintained by the US Department of Commerce’s National Institute of Standards and Technology.
Financial Details Protected
Although Crown Resorts has reported that employee information concerning shift records was acquired by the hackers, the firm claims no personal information on the staff was transmitted.
The Crown Melbourne, Crown Sydney, and Crown Perth operator indicated that the banks used by employees to cash their checks and/or receive direct deposits were not taken. Employee tax identification numbers and other salary information were also safeguarded.
Yesterday, Crown Resorts informed investors that a small number of documents associated with the organization had been unlawfully obtained via a ransomware attack on a third-party file transfer service provider, GoAnywhere, which the casino group uses.
Crown Resorts, the largest casino operator in Australia, was recently subjected to a widespread cyberattack. The company noted that some employee data was impacted in the ransomware incident. (Image: Crown Resorts)
GoAnywhere provides companies such as Crown with supposedly secure online file transfer services. Over the GoAnywhere platform, Crown employees send confidential documents in and out of the company through the internet. GoAnywhere provides a managed file transfer (MFT) service designed to enhance the security of the movement of communications.
We were recently contacted by a ransomware group who said they had accessed a limited number of Crown files through GoAnywhere. Today we can confirm that a small number of files have been released on the dark web, including employee time and attendance records and some membership numbers from Crown Sydney,” the Crown investor update said.
The data breach is another blow to the embattled Australian gaming operator, which is still under the watchful eyes of state-appointed monitors in the three Aussie states where the company has casinos.
Clients Unaffected
The Crown Resorts shareholder notice indicated that the organization has not detected any theft of customer information due to the GoAnywhere ransomware attack.
“We can confirm that no personal information of customers has been compromised as part of this breach,” the Crown spokesperson added.
Crown officials said they are in the process of contacting affected employees and will be issuing those workers new company identification numbers “out of an abundance of caution.” Crown also continues to work with law enforcement and
