The attack took place on 1 June, with the hacker gaining access to an Aristocrat server. The criminals have since published extracts of this data online.
Aristocrat said the hackers exploited a newly identified vulnerability in MOVEit – third-party file sharing software used by the business.
In response, Aristocrat has taken a number of steps including containing the incident and addressing the vulnerability with MOVEit. The business also notified the relevant law enforcement, required gaming and other regulatory authorities.
Other actions include working with experts to determine what data was stolen and offering all staff complimentary credit monitoring and identity theft protection.
Aristocrat added that it has completed a risk assessment of the potential impact to its business. It expects only low business impact, with the execution of an appropriate risk management and mitigation plan.
“Aristocrat upholds high probity standards and takes the privacy and security of all personal data seriously,” the company said.
“We will continue to manage this incident proactively and comprehensively, in the best interests of our people, business and other stakeholders.”
Tracing the untraceable
Aristocrat is by no means the first gaming business to suffer an attack like this. In November last year, an attack on certain DraftKings customer accounts affected €300,000 in funds.
Customers’ two-factor authentication was also rendered useless as the hack had allowed their phone numbers to be changed.
Earlier this year, iGB spoke with a number of experts in cybersecurity about the threat the industry faces from such attacks.
Lindsay Slader from GeoComply, Zak Cutler from Paysafe and Continent 8’s Leon Allen said the industry must remain one step ahead when dealing with threats to financial security.