Nueva Codere, and its subsidiary Codere Online, have experienced a cyberattack that resulted in a loss of €744,000 ($810,000). The cyberattack was directed entirely against the subsidiary, and it managed to breach its systems leading to the loss, the company said in a filing with the US Securities and Exchange Commission (SEC).
The hack was linked to an overall vulnerability in the company’s systems, which saw hackers breach the internal mailing system and demand payments from suppliers which thought they were corresponding with Codere Online when, in fact, they were becoming the victims of the imposters.
While Codere Online acknowledged these vulnerabilities pointed to shortcomings in the way it safeguarded certain processes, the company insisted that the hack was an isolated case and that the necessary measures to prevent it from happening again had already been put in place. Albeit with a caveat.
Codere Online offered further assurances and said that consumers were not put at risk as a result of the hack. No personal information regarding consumers was disclosed during the hacking event, with the criminals only retrieving money from suppliers.
In the filing shared with the SEC, the company explained why the security breach had occurred in the first place, acknowledging "mea culpa" in the matter.
"Codere Online did not maintain effective controls over its information processing systems, as a result of the existence of certain material weaknesses in internal control, " as corroborated by SBC News.
Presently, Codere Online is still engaged in the recovery of the funds and remedying the situation. The company has confirmed that it’s in touch with the banks involved over the wire transfers and has, in fact, recovered a de minis amount of the missing money.
Codere Online reaffirmed its commitment to retrieving these funds and may even seek legal recourse depending on the amount that ends up not being recovered. The company further assured that the "Business e-Mail Compromise," as the matter is styled internally, to have any material impact on the company’s long-term business outlook.
This is not the first time Codere has suffered at the hands of hackers. Back in 2022, the company reported a breach that targeted its servers and led to the leaking of identifiable personal information, including encrypted passwords, residences, IP locations, national IDs, and more. Some 500,000 consumers were impacted during the last hacking attack against the company.
Codere has reaffirmed its commitment to ensuring that future accidents of this nature do not happen but also cautioned that the business cannot promise for certain it would not experience similar incidents in the future.
Image credit: Unsplash.com