Casino Rama, an Ontario First Nations-owned casino, announced on Thursday, 10 November that they had fallen victim to a cyberattack. The company first became aware of the breach on the 4th of November, stating that its data networks have been infiltrated by an “anonymous threat agent” that made off with customer, vendor and employee information dating back as far as 2004.
On Friday the 11th of November, Toronto’s City News reported that some of the stolen data had been posted online, along with a warning by the anonymous hacker that the rest would be posted within 72 hours. Some of the published data include customer credit and betting histories, bank documents relating to the authorization of Casino Rama’s credit, staff member performance reviews, as well as collection agency information pertaining to one Ontario resident’s $100k debt.
So far neither the hacker nor the casino have indicated that the breach was an attempt at extortion, and it seems the motivation for the attack was to expose Casino Rama’s lack of security. According to the hacker’s online posts, it was “extremely simple” to access the casino’s files and that “no security systems were in place”. The hacker further slated the casino, saying they don’t take customers information as seriously as they claim to.
On Friday it also came to the fore that Charney Lawyers PC and Sutts, Strosberg LLP are proposing a C$50 million privacy breach class action lawsuit on behalf of Casino Rama staff, vendors and customers. Affected parties have been welcomed to add their name to the suit on a website created by the attorneys.
Casino Rama’s gaming operations are managed by US regional operator Penn National Gaming, and they insist the casino’s games were not subject to the data violation.