The commission which is meant to keep investors safe while maintaining fairness, order, and efficiency in all markets has received the news of the cybernetic attack on Codere Online along with the reasons that lead to it.
Hackers Pretended to be Codere Online Agents
According to the report received by the SEC, a number of internal control weaknesses allowed hackers to access the email systems belonging to the company that offers casino games and sports betting options online and via mobile apps.
Hackers introduced themselves as Codere Online’s agents. They sent invoices that they manipulated beforehand to different suppliers that the company had been working with, demanding the company to immediately send the requested payment.
Codere called the cyberattack an “isolated event” that did not jeopardize the security and integrity of their users’ deposits, passwords, and the rest of their confidential data.
Additionally, all the banking institutions that processed the respective transactions were informed about the cyberattack. Codere is currently in the process of retrieving its losses evaluated at €744,000 ($805,000).
Ineffective Design and Vulnerabilities of the Payment System Led to the Attack
The same SEC filing showed Codere admitted to failing to use the proper internal controls in regard to the way its financial information data should have been handled. Among the culprits, the company mentioned the “ineffective design and weaknesses of its payment system”.
Another element that was mentioned by Codere as a determining element that made them vulnerable in front of the hackers was their cybersecurity systems’ inability to stop the attack.
The detailed assessment of the internal controls helped Codere conclude that there was no evidence that could indicate a company employee had facilitated the cyberattack that was labeled as “technologically sophisticated”.
Codere Has Started to Beef Up Its Internal System Controls and IT Security
SEC has already been informed that Codere has initiated its procedures to improve its internal system controls and Information Technology security. The measure was deemed necessary in the context of this being the second cyberattack that the company has been subject to as a result of a security breach.
The first occurrence was recorded in 2020 when the Data Information Agency in Spain received a similar filing regarding a server hacking attack at Codere.
The respective attack leaked sensitive data belonging to Codere’s customers, including encrypted passwords, residences, IP locations, contact information, and national IDs.
At that time, the company informed 500,000 of its customers about the potential data breaches tied to their information. At the end of an audit completed with the help of the Data Information Agency, it was shown that the server attack had impacted 64,000 of Codere’s online customers.
Last December, Codere Online announced it inked a partnership deal with Evolution Group, helping the latter enter Panama’s regulated gambling market. A month before that, Zitro Digital, Zitro’s sealed a similar agreement for Spain with the popular iGaming operator.