Codere’s sign when it launched on NASDAQ in November 2021. The gaming company’s online platform suffered a hack last year that led to losses of more than $800K. (Image: Twitter)<\/figcaption><\/figure>\nNueva Codere has acknowledged to the US Securities and Exchange Commission (SEC) the existence of various deficiencies and “weaknesses” in its internal controls. Unfortunately, it didn’t find them before its Codere Online subsidiary suffered an attack last year. Nueva Codere had to provide its update to the regulator since the subsidiary trades on NASDAQ (ticker symbol CDRO).<\/p>\n
The attackers were able to steal the funds by manipulating invoices after hacking the email of a senior manager of Codere Online. It was the second attack in slightly more than two years, as the company suffered a security breach in Spain at the end of 2020.<\/p>\n
In Through the Back Door<\/h2>\n
In the latest breach, which took place in the first half of 2022, the attackers posed as agents of the Codere Online sales team. They sent illegitimate payment requests to various suppliers, who didn’t catch the ruse.<\/p>\n
The result is that Codere had to cover the payments. The company told the SEC that it contacted the banks that managed the transfers as soon as it became aware of the hack.<\/strong><\/p>\nTo date, Codere Online has only recovered a small percentage of the funds. However, it hasn’t specified how much.<\/p>\n
Codere asserted that the breach was an isolated event and that it didn’t impact user deposits. Additionally, it didn’t lead to a loss of user login details or other confidential data.<\/p>\n
In its internal investigations, according to the filing with the SEC, Codere didn’t find any evidence that sensitive corporate data was leaked. It also found no indication that the executive or any other employee may have participated in the hack.<\/p>\n