Australia-listed slot machine maker and online gaming content provider Aristocrat Leisure Ltd says it has “experienced a cyber incident” around June 1, in which some data – including information belonging to its employees – was stolen.
A “criminal hacker exploited a newly identified … vulnerability in third-party file sharing software (MOVEit) used by the company,” said Aristocrat in a Friday statement.
“The hacker extracted data from a company server, including personal information belonging to Aristocrat employees and other data,” stated the slot machine maker.
“Aristocrat is aware of reports that the criminals have now published extracts of the stolen data online,” it added.
The gaming equipment supplier said it had completed a “risk assessment” of any potential impact to its business arising from the cybersecurity incident, adding that it would continue to manage the occurrence “proactively and comprehensively”.
“Based on the information available as at this date, Aristocrat expects low business impact with the execution of an appropriate risk management and mitigation plan,” it stated.
Aristocrat said it has taken “comprehensive steps since becoming aware of the incident”. That included: remedying the MOVEit software vulnerability; notifying relevant law enforcement, required gaming and other regulatory authorities; and working with independent experts to determine what data was “exfiltrated”.
The company also said it was offering to its employees “complimentary credit monitoring and identity theft protection services” in relation with the data breach.
