Australia’s Crown Resorts said Wednesday it had received confirmation that a “small number of files” obtained by a ransomware group have been released on the dark web.
According to information posted on the company’s corporate website, the files include employee time and attendance records and some membership numbers from Crown Sydney.
However, Crown added that these employee time and attendance files from Crown Sydney – relating to both current and former employees – do not include bank names, tax IDs, BSB or payslip information. The data relates to current and former employees.
“We can confirm that no personal information of customers has been compromised as part of this breach,” the company said.
The data was obtained as part of a data global breach of third-party file transfer service, GoAnywhere. Crown was a number of companies utilizing GoAnywhere’s service to confirm last week that it had been impacted by the breach. Others impacted include mining giant Rio Tinto and consumer goods brand Proctor & Gamble.
“We are proactively notifying all impacted individuals and are updating membership numbers of those affected out of an abundance of caution,” a Crown spokesperson said.
“Crown continues to work with law enforcement and our regulators in relation to this cybercrime.”