Personal information such as gaming habits and payout information of patrons that was stolen more than a year ago by hackers in a cyber-attack from Calgary’s Cowboys Casino have posted online.
The dump included thousands of files from customers, including the casino’s “elite members list.” It was accompanied by a warning that more data could be released in the future.
The hackers also posted online, “The computer security at Cowboys Casino was nonexistent and all data was ripe for the taking. We asked Cowboys Casino to fix the gapping (sic) holes in their system but our request was ignored for over a year. So we have decided to go public and release our first (very small sample) data dump. Hopefully now they will take their customers and employees privacy more seriously.”
The post warned four more data dumps are planned. The hackers stated, “If by next week Cowboys Casinos still has not fixed their security holes we will release a 2nd data dump, this will include employee payroll information, disciplinary reports, Triton background checks, companywide emails and of course more customer data! And a new data dump will go public every week until they decide to take this matter seriously!” Cowboys Casino General Manager Tyrone Waite said although the hackers warned the casino to fix “its security holes,” the casino shored up its data security after last year’s attack.
Waite said after the cyber attack last June, management sent out 14,294 notifications about the data breach to customers, clients and staff. Now the casino is informing everyone who could have been affected that their information may have been released online. “It’s unfortunate it’s happened. We’ve been working on this for a year and it’s always been in the back of our mind it could get out there at any time. We know that nobody else has been in the system and we’re working with police. Unfortunately with the internet, once that information was gone, it was never going to go away. It’s bad but there’s not much we can do about it.” Waite said no further breaches took place following the one last year.
Calgary police Cyber/Forensics Unit Staff Sergeant Cory Dayley said any business is a potential target for hackers hoping to extort them for money, either through ransomware or threatening to release sensitive information.
“They can get in through phishing attacks, with drive-by downloads where someone accidentally downloads something on their device, or a targeted attack based on how the security infrastructure is set up. We have to be vigilant about protecting ourselves and our systems,” Dayley said.
Earlier this year, confidential information about employees at the Grey Eagle Casino in Calgary was stolen by hackers and posted online. Last March the River Cree Casino near Edmonton said a cyber attack compromised customer and employee information.
