Crown Resorts Concedes ‘Small Number of Files’ Stolen Through GoAnywhere Breach

Crown Resorts Concedes ‘Small Number of Files’ Stolen Through GoAnywhere Breach

Posted on: April 6, 2023, 10:02h. 

Last updated on: April 6, 2023, 01:33h.

Crown Resorts informed investors Wednesday that a “small number of files” belonging to the organization were wrongly obtained. The files were taken through a recent ransomware attack on the third-party file transfer service provider GoAnywhere, which the casino group uses.

Crown Resorts Australia ransomware attack Clop
Crown Resorts kitchen staff pose for a company photograph. Crown Resorts, the largest casino operator in Australia, was involved in a recent far-reaching cyberattack. The company says some employee information was compromised in the ransomware event. (Image: Crown Resorts)

GoAnywhere provides companies like Crown with supposedly secure online file transfer services. Crown employees send sensitive documents inside and outside the organization over the Internet through the GoAnywhere platform. GoAnywhere provides a managed file transfer (MFT) service designed to increase the security of the movement of communication.

We were recently contacted by a ransomware group who claimed they had obtained a limited number of Crown files through GoAnywhere. Today we can confirm that a small number of files have been released on the dark web, including employee time and attendance records and some membership numbers from Crown Sydney,” the Crown investor release explained.

The data hack is yet another black eye for the embattled Australian gaming operator. It remains under the watchful eyes of state-appointed monitors in the three Aussie states where the company has casinos.

Recent government inquiries in Victoria, Western Australia, and New South Wales concluded that Crown allowed its casinos to serve illicit groups seeking to clean dirty money. The state inquiries didn’t result in Crown losing its gaming privileges. But the company was given a set time to remedy its failed money laundering safeguards.

Customers Unimpacted

The Crown Resorts shareholder notice said the company hasn’t detected any theft of customer information through the GoAnywhere ransomware attack.

“We can confirm that no personal information of customers has been compromised as part of this breach,” the Crown spokesperson added.

Crown officials said they’re contacting affected employees and will be issuing them new company identification numbers “out of an abundance of caution.” Crown also continues working with law enforcement and state gaming regulators to resolve the cybercrime.

Gold Tahoe is said to be the cybercriminal group behind the GoAnywhere attack. Gold Tahoe used Clop ransomware to extort information from the GoAnywhere platform. The hackers then encrypted the files and threatened the companies seized, with bitcoin as the preferred ransom payment.

Crown is among a list of globally known companies and conglomerates impacted by the GoAnywhere event. Other notable companies compromised include Proctor & Gamble, Saks Fifth Avenue, Hatch Bank, Hitachi Energy, and the City of Toronto.

Gold Tahoe, according to cybersecurity experts, managed to exploit a GoAnywhere vulnerability known as CVE-2023-0669. For more information on CVE-2023-0669, click here to review the National Vulnerability Database, which is managed by the US Department of Commerce’s National Institute of Standards and Technology.

Financial Information Protected

Though Crown Resorts has relayed that employee information regarding shift histories was ill-gotten by the hackers, the company claims no personal information on the staffers was transmitted.

The Crown Melbourne, Crown Sydney, and Crown Perth operator said the bank accounts used by employees to cash their checks and/or receive direct deposits weren’t obtained. Employee tax identification numbers and other paycheck information also remained protected.

Related News Articles


Skriv kommentar

Din e-mailadresse vil ikke blive publiceret. Krævede felter er markeret med *