Last week Ontario’s Casino Rama Resort near Toronto announced that it had been the victim of a cyberattack and that sensitive customer information was among the data taken. It became aware of the attack on November 4.
A spokesman for the casino, which is operated by Penn National Gaming on the Rama First Nation, issued this email that day after the announcement: “We continue to work with the proper authorities on the ongoing investigation and are limited in in how much detail we can provide. We deeply regret this situation and recognize the seriousness of the issue.” It added “The hacker claims that the employee information dates from 2004 to 2016, and that some of the other categories of information taken date back to 2007.”
According to the Ontario Lottery and Gaming Commission no other casinos in the province were attacked.
Several days later attorneys announced that they would be leading a class action lawsuit that would seek $50 million in damages from the casino. The attorneys, who are now attempting to sign up people who might possibly have been damaged. “The class action will be commenced on behalf of employees, customers and vendors of the Casino Rama Resort whose confidential information was compromised by the privacy breach,” they said in an announcement. They added, “The proposed representative plaintiffs in the lawsuit are customers who gave the resort their confidential information, including financial information.”
The announcement of the possible lawsuit came the day after Casino Rama Resort in Rama warned that customers, vendors and current and former staff should closely monitor their bank accounts and credit card accounts for signs of unauthorized transactions. The casino said it had recently discovered the cyberattack and that the information taken included internal financials, emails, payroll information, client information, social insurance numbers and dates of birth. In other words, a goldmine for stealing money from thousands of people.
Apparently the hacker informed the casino of the attack, claiming that it had some information from employees going as far back as 2004, and threatening to publish the stolen information.
One of the attorneys, Ted Charney, said, “This is a massive privacy breach,” Charney said in announcing the proposed lawsuit. “We still do not know the whole story but it looks like Casino Rama rolled the dice with employee, customer and vendor data rather than invest in state-of-the-art security measures.”
According to the casino none of its 2,500 slots or 110 gaming tables were hacked. They operate on a different network from the financials and other data. It also has a 300-room hotel. The casino gets about 3 million visitors a year.
This is the second time in 2016 that a First Nation casino has been hacked. The previous victim was the River Cree Resort and Casino in Alberta in March.
