Australia-based slot manufacturer Aristocrat Leisure, Limited confirmed that it experienced a cybersecurity breach around June 1 in which personal employee information was compromised.
A “criminal hacker exploited a newly identified… vulnerability in third-party file sharing software (MOVEit) used by the company,” said Aristocrat in a statement. “The hacker extracted data from a company server, including personal information belonging to Aristocrat employees and other data. Aristocrat is aware of reports that the criminals have now published extracts of the stolen data online.”
The statement said Aristocrat has completed a “risk assessment” of any potential impact to its business arising from the cybersecurity incident, and that the company will continue to manage the occurrence “proactively and comprehensively”.
“Based on the information available as at this date, Aristocrat expects low business impact with the execution of an appropriate risk management and mitigation plan,” the statement said, noting the company has taken “comprehensive steps since becoming aware of the incident,” including remedying the MOVEit software vulnerability, notifying law enforcement and regulators, and working with independent experts to determine what data was stolen.
The company also said it was offering to its employees “complimentary credit monitoring and identity theft protection services” in relation to the data breach.
