Posted on: January 20, 2023, 11:43h.
Last updated on: January 20, 2023, 12:00h.
Spain-based Nueva Codere has spent more than 12 months rebuilding itself after shareholders took over the gaming company. Last year, it suffered a serious setback after hackers got in and took over the system, ultimately stealing €744,000 (US$805,000) from Codere partners.
Nueva Codere has acknowledged to the US Securities and Exchange Commission (SEC) the existence of various deficiencies and “weaknesses” in its internal controls. Unfortunately, it didn’t find them before its Codere Online subsidiary suffered an attack last year. Nueva Codere had to provide its update to the regulator, since the subsidiary trades on NASDAQ (ticker symbol CDRO).
The attackers were able to steal the funds by manipulating invoices after hacking the email of a senior manager of Codere Online. It was the second attack in slightly more than two years, as the company suffered a security breach in Spain at the end of 2020.
In Through The Back Door
In the latest breach, which took place in the first half of 2022, the attackers posed as agents of the Codere Online sales team. They sent illegitimate payment requests to various suppliers, who didn’t catch the ruse.
The result is that Codere has had to cover the payments. The company told the SEC that it contacted the banks that managed the transfers as soon as it became aware of the hack.
To date, Codere Online has only recovered a small percentage of the funds. However, it hasn’t specified how much.
Codere asserted that the breach was just an isolated event and that it didn’t impact user deposits. Additionally, it didn’t lead to a loss of user login details or other confidential data.
In its internal investigations, according to the filing with the SEC, Codere didn’t find any evidence that sensitive corporate data was leaked. It also found no indication that the executive or any other employee may have participated in the hack.
Codere is still trying to recover the funds, but can’t disclose more details about the ongoing investigation, according to its filing. However, it may have a lead on the perpetrator, as it hints at possible legal action. The company stated that it will provide more information on the measures it is adopting to prevent another hack in its annual report.
At the same time, it admitted that it had internal issues that helped facilitate the break-in. It stated that it and an “ineffective design” in its financial data controls and a “weak” cybersecurity system that allowed the hackers to gain access.
As a consequence, it has taken measures to address both flaws. This has already resulted in improved security, the details of which the company will share with the SEC.
Codere Online Finding Support
Despite the breach, and the one from 2020 that led to the theft of user data, Codere Online continues to find support. Its stock price, although erratic at times, is on the rise.
Toward the end of last July, the price was around $2.10. In less than a month, it jumped to $3.12, but couldn’t hold on. The price fell to $2.40 on August 30 and began a series of ups and downs that continued into December.
On December 19, CDRO was at $2.44, but has seen a steady climb since then. As of January 20 in morning trading, it had increased to $3.50. As it was preparing to go live on NASDAQ in November 2021, it was worth around $9.90.
The recent improvements come from better financial performance in 2022. For the third quarter, Codere Online’s overall revenue was €28.9 million (US$31.33 million), 51% higher than a year earlier. Gaming revenue was €30.6 million (US$33.17 million), 54% higher.