Aristocrat Friday confirmed it suffered a cyber incident June 1.
In a statement, the company said a criminal hacker exploited a newly identified vulnerability in MOVEit, third-party file-sharing software used by Aristocrat, and extricated data, including employee personal information.
Aristocrat stated the company is cognizant of reports that hackers have published extracts of the stolen data online.
The Australia-based company has taken the following steps since becoming aware of the incident:
- Immediately contained the incident and remedied the MOVEit software vulnerability;
- Notified relevant law enforcement and required gaming and other regulatory authorities;
- Worked with the support of independent experts to determine what data was exfiltrated, implement mitigations, and uphold its obligations;
- Advised all Aristocrat employees globally and offered complimentary credit monitoring and identity-theft protection services.
After completing a risk assessment of potential consequences, Aristocrat stated it expects a low business impact with the execution of an appropriate risk-management and mitigation plan. The company will continue to manage the incident proactively and comprehensively, in the best interests of its employees, business, and other stakeholders.