Crown Resorts Concedes ‘Small Number of Files’ Stolen Through GoAnywhere Breach

Crown Resorts informed investors yesterday that a “small number of files” belonging to the organization were wrongly obtained through a recent ransomware attack on a third-party file transfer service provider GoAnywhere that the casino group uses.

Crown Resorts Australia ransomware attack Clop
Crown Resorts kitchen staff pose for a company photograph. Crown Resorts, the largest casino operator in Australia, was involved in a recent far-reaching cyberattack. The company says some employee information was compromised in the ransomware event. (Image: Crown Resorts)

GoAnywhere provides companies like Crown with supposedly secure online file transfer services. Crown employees send sensitive documents inside and outside the organization over the internet through the GoAnywhere platform. GoAnywhere provides a managed file transfer (MFT) service designed to increase the security of the movement of communications.

We were recently contacted by a ransomware group who claimed they had obtained a limited number of Crown files through GoAnywhere. Today we can confirm that a small number of files have been released on the dark web, including employee time and attendance records and some membership numbers from Crown Sydney,” the Crown investor release explained.

The data hack is yet another black eye for the embattled Australian gaming operator, which remains under the watchful eyes of state-appointed monitors in the three Aussie states where the company has casinos.

Recent government inquiries in Victoria, Western Australia, and New South Wales concluded that Crown has allowed its casinos to serve illicit groups seeking to clean dirty money. The state inquiries did not result in Crown losing its gaming privileges, but instead, the company was given a set time to remedy its failed money laundering safeguards.

Customers Unimpacted

The Crown Resorts shareholder notice said the company has not detected any theft of customer information through the GoAnywhere ransomware attack.

“We can confirm that no personal information of customers has been compromised as part of this breach,” the Crown spokesperson added.

Crown officials said they’re in the process of contacting affected employees and will be issuing those workers new company identification numbers “out of an abundance of caution.” Crown also continues to work with law enforcement and state gaming regulators in resolving the cybercrime.

“Gold Tahoe” is said to be the cybercriminal group behind the GoAnywhere attack. Gold Tahoe used Clop ransomware to extort information from the GoAnywhere platform. The hackers then encrypted the files and made threats to the companies seized, with bitcoin as the preferred ransom payment.

Crown is among a list of globally known companies and conglomerates impacted by the GoAnywhere event. A few other notable companies compromised include Proctor & Gamble, Saks Fifth Avenue, Hatch Bank, Hitachi Energy, and the City of Toronto.

Gold Tahoe, according to cybersecurity experts, managed to exploit a GoAnywhere vulnerability known as CVE-2023-0669. For more information on CVE-2023-0669, click here to review the National Vulnerability Database, which is managed by the US Department of Commerce’s National Institute of Standards and Technology.

Financial Information Protected

Though Crown Resorts has relayed that employee information regarding shift histories was ill-gotten by the hackers, the company claims no personal information on the staffers was transmitted.

The Crown Melbourne, Crown Sydney, and Crown Perth operator said the banks used by employees to cash their checks and/or receive direct deposits were not obtained. Employee tax identification numbers and other paycheck information also remained protected.

The post Crown Resorts Concedes ‘Small Number of Files’ Stolen Through GoAnywhere Breach appeared first on Casino.org.

Leave a Comment