Aristocrat confirms it experienced a cyber incident around 1 June 2023, whereby a criminal hacker exploited a newly identified (zero day) vulnerability in third-party file sharing software (MOVEit) used by the company.
The hacker extracted data from a company server, including personal information belonging to Aristocrat employees and other data. Aristocrat is aware of reports that the criminals have now published extracts of the stolen data online.
Aristocrat upholds high probity standards and takes the privacy and security of all personal data seriously. Aristocrat has taken comprehensive steps since becoming aware of the incident,
- immediately containing the incident and remedying the MOVEit software vulnerability;
- notifying relevant law enforcement, required gaming and other regulatory authorities;
- working with the support of independent experts to determine what data was exfiltrated, implement mitigations and uphold our obligations; and
- advising all Aristocrat employees globally and offering complimentary credit monitoring and identity theft protection services.
Aristocrat has completed its risk assessment of any potential impact to its business arising from this incident. Based on the information available as at this date, Aristocrat expects low business impact with the execution of an appropriate risk management and mitigation plan.
We will continue to manage this incident proactively and comprehensively, in the best interests of our people, business and other stakeholders.