CryptoLogic Inc., the Toronto company that’s a veteran developer of Internet gaming and e-commerce software, suffered a “system intrusion” at the end of August. The hacker caused the win rate on three games – craps, video slots and the “Rags to Riches” progressive slot – to be higher than had been programmed by CryptoLogic.
As a result, players who happened to be playing those games on the sites of two CryptoLogic licensees won much more money than they were supposed to. They were paid in full.
The windfall to players amounted to US$1.9 million. The company said it has submitted a claim for $1.3 million to its insuror. So the loss to CryptoLogic and the two licensees will be $600,000, with most of that absorbed by CryptoLogic.
The company mentioned the incident in a press release issued Wednesday. Its director of communications, Nancy Chan-Palmateer, fleshed out some of the details in an interview today with RGT Online. She said she couldn’t discuss all of the details because an investigation is continuing.
“There was never any compromise of player information, there was no access to financial information,” Chan-Palmateer said. “All of that was fully secure.”
The company believes that the hacker was trying to harm CryptoLogic, not trying to rig games so that the hacker could personally benefit. All of the players at the time were longtime players known to the sites where they gambled, Chan-Palmateer said.
“This is more of a malicious attack on the company, someone trying to hurt the organization,” she said, adding that there’s “a high likelihood that this person has intimate knowledge of our system, so it’s not just your average Joe out there trying to get into the system.”
Chan-Palmateer declined to identify the two casinos, but she said they were two of CryptoLogic’s larger licensees. The company has more than 20 licensees, all using the same software. But the hacker’s manipulations only affected one game server, she said, and that server was the one the two licensees were using at the time.
The intrusion was detected after a few hours. “We were able to contain the situation,” Chan-Palmateer said. “We stopped those best online casino singapore momentarily, we identified the particular players involved that had been affected, we then disabled those accounts and advised licensees as well as the players. We restarted the games so there was no disruption of service to other players, they could continue to play.
“It was the licensees’ decision, which we fully supported, that they wanted to play their players in full, so we’ve got a lot of happy players out there now.”
This is undoubtedly not the first time that a developer’s gaming software has been hacked, but it is unusual for the developer to announce the fact and be willing to discuss the details. Chan-Palmateer said CryptoLogic’s action in this case “is very much consistent with regulatory environments, which is what we’re moving towards.”
In its press release, the company said, “As part of its ongoing commitment to regulatory compliance for safe and secure online gaming, the company also advised that it has swiftly resolved a recent system intrusion with minimal impact.”
“It is a cost of doing business,” Chan-Palmateer said. “We’re not happy that it happened of course, but we were happy with the response, that we were able to contain it with full protection to players, and minimize exposure to both ourselves and our licensees.”
CryptoLogic said its loss from the hacking incident is not expected to affect its quarterly results. The company anticipates net income of US$4.2-$4.6 million this quarter, on revenue of US$9.7-$10.2 million. At these levels, both income and revenue would be significantly ahead of last year’s third quarter.
The company also announced Wednesday that it was in the process of getting its software certified by the governments of the Isle of Man and Alderney, two island territories off the coast of Britain that have recently legalized online casinos.
Asked if that means that some of CryptoLogic’s licensees have applied or plan to apply for online gaming licenses in these jurisdictions, Chan-Palmateer said, “Yes, that’s an appropriate conclusion. We’re preparing ourselves and positioning ourselves so that we can get out of the gate pretty quickly.” Certification by these governments might also help the company secure new clients for its software.
The company’s efforts to obtain regulatory clearance in the Isle of Man are further along than in Alderney, where they are just beginning, she said. In both cases, she said, the process should be helped by the work the company has already done with regulators in Australia. Authorities there have been testing CryptoLogic’s software and performing background checks on the company and its officers.
The compliance work in Australia has been under way for 18 months, and “we’re just moving into the final stretch of it and hope to be done this fall,” Chan-Palmateer said. The company has spent more than US$2 million on the Australian compliance process, she said.