GoAnyware is a popular file transfer service operated by software developers Fortra. On 2 February, well-known cybercrime investigative journalist Brian Krebs posted on Mastodon that the application was suffering from a “zero-day remote code injection exploit” to which, in response, the business temporarily implemented a service outage. Consequently, antagonistic actors downloaded information from a number of businesses, including Crown Resorts.
On 27 March, the Blackstone-owned casino operator said that it had been contacted by a ransomware group who claimed to be in possession of a number of Crown files. The company said it would investigate the validity of this claim “as a matter of “priority”.
“We can confirm no customer data has been compromised and our business operations have not been impacted,” said a Crown Resorts spokesperson. “We are continuing to work with law enforcement and have notified our gaming regulators as part of the ongoing investigation and will provide relevant updates, as necessary.”
Today (5 April), Crown said it could confirm that a small number of files have been released on the dark web, including employee time and attendance records, as well as membership numbers from Crown Sydney. The business again reiterated that no personal information from customers was compromised in the breach.
In addition, the released files did not include bank names, tax IDs, BSB or payslip information. The company emphasised that the membership numbers are numbers only and do not contain any identifying or persona information.
“We are proactively notifying all impacted individuals and are updating membership numbers of those affected out of an abundance of caution,” said the spokesperson. “Crown continues to work with law enforcement and our regulators in relation to this cybercrime.”