Dear Customers, 

On September 22, Baccarat (hereinafter referred to as “we”) has undergone a cyberattack which has been affecting its operations outside of China. Immediately after the cyberattack, we formed a special team and, together with a third-party contractor, launched an investigation. 

In parallel to the investigation, Baccarat decided, with the help of specialists, to maintain active surveillance on any publication originating from the threat actor.  

On October 20, this monitoring detected that a significant quantity of documents was published by the threat actor. This content is currently being analysed by our experts.  

At this stage, there is no evidence that any information or data related to you is compromised by this cyberattack. I assure you that if any of your personal data linked to this cyberattack is brought to our attention following the ongoing analysis, we will keep you informed. More than ever, the security of your data is our priority. 

We will follow up on this incident in a timely manner. As a precaution, we have decided to inform you of this situation described above and encourage you to be extremely watchful. For this purpose, we are sharing at the end of this communication some golden rules of cyber security for your guidance. Meanwhile, we have taken proper measures to prevent such incidents from occurring again. 

An email address for receiving your inquires, questions@baccarat-asia.com, has also been set up. Please kindly get in touch with us via email if you have any further questions regarding the preceding incident, and we will respond promptly.  

After this cyberattack began, we reacted with determination and implemented numerous cybersecurity and system security measures. Our business in China is operating normally, and as mentioned above, China was not affected by the cyberattack. I would like to reassure you that today, the use of emails, videoconferences, and other means of communication with or within Baccarat poses no threat. Our teams, supported by external experts, are mobilized, and committed to a gradual return to normal for our operations outside of China, under optimal cybersecurity conditions. 

Once again, we would like to express our deepest gratitude for your support. 

Maggie Henriquez 

CEO of Baccarat

APPENDIX: 

Golden Rules of Cybersecurity 

Adopting the Golden rules can effectively reduce the risk associated with the use of digital technologies:  

1. Strictly separate your personal and professional uses. Your personal means of communication must not be used for your professional exchanges (email, file transfer protocol, USB keys, etc.) and vice-versa. 

2. Update your digital tools regularly. Updates are not automatic, so make sure you accept them for both your personal and professional devices to guarantee their security. 

3. Protect your access with two-factor authentication whenever possible, or at least with complex passwords. Your passwords should be long, complex, free of personal information, unique and secret. 

4. Do not leave your equipment unattended. Otherwise, it could be manipulated without your knowledge and your data stolen. 

5. Protect your private space and your data. Lock your electronic devices when you are not around your equipment and keep all sensitive material in a safe place. 

6. Take care of your personal information online. Protect your identifying and identifiable information by being vigilant on the Internet. 

7. Protect your email. Be careful before opening attachments and do not click on links in messages that seem dubious. 

8. Do not trust unverified networks to connect your equipment. For example: public Wi-Fi networks, USB charging points, etc. 

9. Be vigilant when talking on the phone. The confidentiality of conversations is not guaranteed on public networks.