Codere Online
Shutterstock

Codere admits ‘system failings’ following €700K hack

The US Securities and Exchange Commission (SEC) has been informed by Nueva Codere of a cyberattack to its subsidiary Codere Online, resulting in losses of €744,000. 

The admission to the SEC outlined ‘weaknesses in internal controls’, which allowed hackers to access Codere Online’s email systems.

The cyberattack saw hackers pose as ‘Codere Online agents’, who sent ‘manipulated invoices’ to various suppliers of the company demanding urgent payment.

Codere deems the cyberattack to be ‘an isolated event’, in which “the account deposits of the users or their passwords were not put at risk, nor were the confidential data of their users accessed.”

In addition, banks involved in processing nefarious transactions were made aware of the attack as Codere begins to retrieve its losses.

The SEC filing saw Codere admit to “internal control failings handling financial information data due to an ineffective design and weaknesses of its payment system” and to an “inability of cybersecurity systems to prevent the attack.

“Codere Online did not maintain effective controls over its information processing systems, as a result of the existence of certain material weaknesses in internal control.” 

Having reviewed internal controls, Codere underlined that it found no evidence of any involvement of a company employee in helping the cyberattack, which was branded as “technologically sophisticated”.

Codere ended its statement by reassuring the SEC that it had begun processes to improve its IT security and internal system controls.  

The cyberattack is the second time Codere has had to admit a security breach to a market’s authority. In 2020, Spain’s Data Information Agency (AEPD) was informed of a server hack at Codere, which had leaked sensitive customer data related to encrypted password, national IDs, residences, IP locations and contact information (customer addresses, postcodes, emails and telephone numbers). 

The previous incident saw Codere inform 500,000 customers of potential data breaches related to their personal information, followed by  an AEPD assisted audit that revealed that the server leak had impacted 64,000 customers.  

SBC News Codere admits 'system failings' following €700K hack

Check Also

SBC News Kike Salas awaits trial for alleged Sevilla match-fixing

Kike Salas awaits trial for alleged Sevilla match-fixing

Kike Salas, the 22-year-old Sevilla player, is facing trial after police arrested him over match-fixing …

SBC News Evoke hits EBITDA target as 2024 lands "ahead of expectations"

Evoke hits EBITDA target as 2024 lands “ahead of expectations”

Evoke Plc has benefited from strong year-end trading, as the LSE gambling group expects its …

Codere Online

Nasdaq warns Codere Online of audit liabilities ahead of January probe

Codere Online must address its urgent corporate liabilities to maintain its status as a Nasdaq-listed …