Another Headache for Star Entertainment as Customer Data Leaked in Law Firm Hack

  • The breach happened in April and the hackers sought an AU$7m (US$4.6m) ransom
  • It supposedly took so long to inform Star customers due to the volume of compromised data
  • The same hacker group also breached MGM Resorts and Caesars last year
Andrew O’Malley

Computer hacker
The personal data of certain Star Entertainment customers and employees was compromised as part of a major law firm breach in April 2023. [Image: Shutterstock.com]

A big leak

Star Entertainment can’t seem to stop stepping on rakes. After having its casino licenses suspended in New South Wales (NSW) and Queensland, having to pay over AU$200m (US$130m) in fines, and its CEO resigning on Friday, the company is now dealing with the fallout of a significant data breach.

Hackers accessed millions of legal documents in April 2023 from the biggest law firm in Australia, HWL Ebsworth (HWLE). Star is one of its clients and the casino company only recently notified patrons and employees that their personal data was potentially part of the leak.

sought a ransom of AU$7m (US$4.6m)

The hacker group known as ALPHV or BlackCat claimed responsibility for the attack and sought a ransom of about AU$7m (US$4.6m). HWLE refused to pay, so the group released the data on the dark web over a three-week period, including home addresses, passport information, and banking details.

HWLE eventually got an injunction from the NSW Supreme Court to make it illegal for people to access the data, which dampened the media’s efforts to report on the causes and extent of the hack.

The fallout

Talking to Daily Mail Australia, a Star Entertainment customer spoke about learning that his birth certificate, tax number, driving license, and passport were all possibly part of the leak. The casino company told him that the commercial law firm would reimburse the cost of having to replace his passport and/or driving license. He believes that this doesn’t go far enough and hopes that a class-action lawsuit against Star Entertainment is on the way.

The hackers accessed the data of about 50 Australian Shares Exchange-listed companies and up to 45 government departments.
.

Star Entertainment explained in an email statement to customers that the delay in informing people was due to the “very large volume of data was extracted” which meant that it had to manually figure out if the personal data of customers and employees was compromised.

A prolific hacking group

ALPHV is a prolific ransomware group that was also behind the attack on MGM Resorts last summer. The direct impact lasted a couple of weeks and resulted in the company’s systems going offline, causing massive disruption at its Las Vegas properties, in particular.

FBI estimated that ALPHV had made over US$300m from its efforts

MGM refused to pay any ransom money despite reportedly losing about US$100m in entire ordeal. The same hackers reportedly carried out a similar attack on Caesars Entertainment, which led to a US$15m ransom payment. The FBI estimated that ALPHV made over US$300m from its efforts as of September 2023.

Leave a Reply

Your email address will not be published. Required fields are marked *

Other Related News

We use cookies on this site to enhance your user experience.
By clicking any link on this page, you are giving consent to our use of cookies.

Cookie Overview

VegasSlotsOnline uses cookies to enhance your experience as you navigate through the website. Some of these cookies are categorized as essential because they are essential for the working of the basic functionalities of the website. Essential cookies are stored on your browser. We also use third-party cookies that help us analyze and understand how you use this website. These are non-essential cookies and are stored on your browser only with your consent. You have the option to opt-out of non-essential cookies, but this may affect your browsing experience.

Necessary  (Always Enabled)

Essential cookies are absolutely essential for the website to function properly. This category only includes cookies that ensure the basic functionalities and security features of the website. These cookies do not store any personal information.

Non-Essential ( Enabled Disabled )

Any cookies that may not be particularly necessary for the website to function and are used specifically to collect user personal data via analytics, ads, other embedded contents are termed as non-essential cookies. It is mandatory to procure user consent prior to running these cookies on your website.