The Casino Rama resort in Ontario is going through an extremely rough patch at the moment. Only two weeks ago the casino announced that its security had been breached by a cyber attack. Now, it seems that there are two serious lawsuits evolving as customers, employees and vendors look for reparations for damage done following the breach.
The attack exposed a number of confidential documents as a demonstration by the hacker that access to sensitive data could be obtained without any problem. In fact, the individual or group responsible for the breach described that hacking the casino’s database was “extremely simple” and that “no security systems were in place leaving the casino network wide open”. While this may be true, it’s no certainty as this doesn’t happen all the time and after all, even the most secure sites can be attacked if the hacker is skilled enough.
According to Toronto’s CityNews, the type of documents exposed varied, including the casino staff’s personal information, company emails, financial reports, debt information, credit processing and other classified data.
The official statement released by Casino Rama following these events was as follows: “There is now evidence that stolen customer and employee personal information has been published on the Internet.
We urge past and present Casino Rama Resort employees and customers who have provided personal or financial information to the casino to actively monitor their financial accounts and information, and to report any suspicious activity immediately to their financial institutions.
There is an ongoing investigation into this matter by law enforcement and we will not be confirming any of the stolen data to protect the identity of any affected individuals.
Casino Rama Resort deeply regrets the situation and recognizes the seriousness of this issue. While we continue to investigate we appreciate the understanding of our customers, employees and stakeholders.”
Casino Rama tried to combat the situation by setting up a web page to keep customers informed about the proceedings, but this was only cold comfort for anyone who had already been affected. It seems that not all the threatened documents were leaked, but whether the hacker was trying to extort money from the casino, or whether the attempt had succeeded, was not made public.
Any hopes of understanding held by Casino Rama were quickly squashed as two law firms in Toronto didn’t waste any time in announcing their plans for the launch of class-action lawsuits in connection with the security breach. The first is Charney Lawyers PC and Sutts, Strosberg LLP who announced a $50 million suit against Casino Rama. The second is Flaherty McCarthy LLP who are claiming $500 million as their class action suit which is aimed at Penn National Gaming and the OLG, in addition to Casino Rama.
This isn’t the first case of a casino being cyber attacked. Recently it was the leading UK gaming brand William Hill. The popular bookmaker was subjected to a DDoS (distributed denial of service) attack that took the site down completely, but no sensitive information was put at any risk of exposure. Before that, in 2014, The Las Vegas Sands Bethlehem was attacked and subjected to a significant security breach by hackers.
The protection of information online is a constant battle between hackers and cyber security companies. Fortunately, not all hackers have evil intentions and security breaches of this nature don’t happen all the time. Sometimes events like these can also have a good side – if Casino Rama was indeed negligent in terms of securing its data, then this event will surely be a wake up call. This case will definitely make other casinos take note and take necessary measures in making sure their security systems are up to scratch. Of course, when it comes to online casinos the aspect of cyber security is far more at the fore of the casino’s structure, but land-based casinos also need to realize that this threat needs to be taken seriously.